Cyber Loss Prevention
Credit card fraud accounted for $28.58 Billion in losses for global financial institutions in 2020 alone. To
combat rampant fraud,
the cyber loss prevention team at Eagle One Financial is taking a non-traditional approach to combat
losses: scraping credit card dumps from dark web pages in an effort to try to identify compromised
accounts.
Ryan Club - The Dark Web
Click the link below to be taken to
Ryans Club - a
simulated dark web location that recently
published a large dump of stolen credit card numbers.
- Scrape the available listings from Credit Card Dump 349473
- The data is incomplete (because they want you to buy it) - so run the available details for each
card against the Eagle One Financial Customer DB
- If a match is found, log the Eagle One Financial Customer ID, First Name, Last Name, Full Card
Number, CVV, and Brand to the account cancellations CSV (template below)
- Once you've captured each user's details in the CSV, upload the file using the uploader below to
validate your results
- NOTE: Just like many pages on the dark web, Ryan's Club can't be accessed directly by URL,
You MUST click the link below to launch Ryan's club - as the data loaded each time is randomized and
tied to this page.
The data available for each stolen credit card is incomplete (because they want you to buy it) - so scrape
the listings on their page and try to identify how many (if any) of the cards listed were issued.
Eagle One Financial - Customer Database
The database provided below is a SQLite DB. It contains all of Eagle One Financial's customers - with
their data spread across 2 tables. (Note: if you want to explore the data/table structure a bit more,
you can download SQLiteStudio to take a look at how the database
is set up or you can review the database diagram here)
- The customer_details table contains basic customer details like name, customer ID, and address
- The card_details table contains the full credit card details for each customer, and is linked to the
customer_details table by foreign key of customer ID.
Since the data available in Ryan's Club isn't complete, you'll need to figure out how to best check for
matching customers using the data that's available.
Eagle One Financial - Cancellations CSV Template
Eagle One Financial's objective is to eliminate/reduce the financial impact of fraudlent transactions by
identifying and proactively cancelling/reissuing new cards to impacted customers. For each impacted
customer you identify:
- Download and enter their details in the cancellations CSV below
- Upload the file below once all impacted customer details have been entered into the CSV
The uploaded file will then be validated to provide you with a score on how quickly/accurately you were
able to identify the exposed customer's details.
Ryan's Club Username: notthecyberteam@gmail.com
Ryan's Club Password: letme!n
Since its a SQLite DB, it can be downloaded and queried locally using Automation Anywhere's Database
Package.
Add all matched customers to this CSV template before submitting below.