Hackers Targeting Western Union, MoneyGram, and PayPal

Back in February 2018, a few news articles were posted on the Clearnet reporting that Western Union had been hacked. The money transfer company stated in a letter released to customers that hackers had found their way into an “external vendor system” previously used by the company. More than likely this was an offsite cloud-based backup system that was compromised.

Whispers were also finding their way into certain parts of the dark web alluding to the fact that whoever hacked into Western Union compromised more than a few customers’ data. The general assumption made by those moving about in the secretive world of hackers is that exploits have been discovered that allow carders to process massive amounts of credit card dump data through money transfer and online escrow services, such as Western Union, MoneyGram, Skrill, PayPal, and a few others.

Western Union Admits to Criminal Money Laundering Charges

On January 19, 2017, the Federal Trade Commission (FTC) released a report stating that Western Union “admits to criminal violations including willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud.”

Stating that a person or corporate entity “willfully” failed to abide by the law or a set of rules is a serious charge to make. It essentially means that the defendant is complicit in the crimes committed by others because they knew the offenses were taking place and had the power to stop and report them, but did not do so.

The FTC Chairwoman stated, “Western Union owes a responsibility to American consumers to guard against fraud, but instead the company looked the other way, and its system facilitated scammers and rip-offs. The agreements we are announcing today will ensure Western Union changes the way it conducts its business and provides more than a half billion dollars for refunds to consumers who were harmed by the company’s unlawful behavior.”

In addition to that, Acting Assistant Attorney General Bitkower had this to say, “As this case shows, wiring money can be the fastest way to send it – directly into the pockets of criminals and scam artists. Western Union is now paying the price for placing profits ahead of its own customers. Together with our colleagues, the Criminal Division will both hold to account those who facilitate fraud and abuse of vulnerable populations, and also work to recoup losses and compensate victims.”

As a part of an agreement with the Feds, Western Union has agreed to pay a settlement of $586 million to the FTC, which will then be repaid to those who were victims of alleged fraud. Western Union also agreed to stiffen up its anti-fraud protocols to make it more difficult for hackers and carders to exploit its systems.

Nevertheless, it’s not just the company’s weak security that’s an issue. The FTC report accuses Western Union agents of actually working with scammers, hackers, and carders. Not only that, but U.S. Attorney Ferrer said, “Western Union, the largest money service business in the world, has admitted to a flawed corporate culture that failed to provide a checks and balances approach to combat criminal practices.”

Ferrer continues, “Western Union’s failure to implement proper controls and discipline agents that violated compliance policies enabled the proliferation of illegal gambling, money laundering, and fraud-related schemes. Western Union’s conduct resulted in the processing of hundreds of millions of dollars in prohibited transactions.

“Today’s historic agreement, involving the largest financial forfeiture by a money service business, makes it clear that all corporations and their agents will be held accountable for conduct that circumvents compliance programs designed to prevent criminal conduct.”

Hackers Exploiting Weaknesses In the System

It’s not just scammers and “rip-offs” plaguing companies such as Western Union and MoneyGram. Hackers have also begun to attack these sorts of companies in order to cash in on their weaknesses. Many of these weaknesses lie in the fact that, unlike PayPal, Western Union and MoneyGram allow shop owners to operate as agents.

Many of these shop owners are not security savvy, thus unwittingly allowing hackers to sneak trojan software onto their store computers. In recent months, security analysts working for Western Union and MoneyGram have reported finding remote admin tools (RATs) embedded deep within the computers of Western Union and MoneyGram agents.

The agents most likely to be targeted are small establishments in countries like Spain, Italy, Portugal, Brazil, and others where there are Western Union and MoneyGram agents operating on every street corner. It doesn’t take a rocket scientist to be accepted as an agent; as long as you own a convenience shop, a drug store, or some sort of financial business, such as a money exchanger, then you qualify.

So when highly sophisticated hackers stroll in and ask to print a document from their USB drive (a service common in poorer countries where the average person can’t afford to purchase a printer), these WU and MG agents have no idea that a virus like a RAT has just been injected into their computer system.

Since the agents are required to use iExplorer, which uses USB keys, hackers are not able to take over the users’ session remotely without physically injecting a RAT into the computer. Once the user’s session has been compromised, hackers can wire money to anywhere in the world, whenever they wish. And with each agent allowed up to $25K worth of money wires daily, hackers and those working with them can make a killing.

Credit Card Hackers Taking Full Advantage Of Western Union

Hacking and credit card scamming often go hand-in-hand. This is because those with the knowledge to encroach deep within people’s computer systems have what it takes to steal lots of credit card info. But what to do with all of this information once it is in their hands?

Even with their skill, hackers need to find ways to turn dirty card numbers into clean cash. Online stores like eBay and Amazon have made it more difficult over the years to use stolen credit cards or hacked escrow accounts to cash out. Therefore, hackers have had to adopt better and cleaner ways of collecting on that data.

It used to be that they would sell card information on the Darknet, but this comes with its own set of problems. For one, not everyone is smart enough to get away with it. When would-be carders get caught trying to commit scams, this brings the heat. Secondly, they can’t just send all the money to themselves.

The solution is actually ingenious: if they sold card info, the going market rate is about $3 for each individual piece of card information. For full credit card details (also called “fulls”), the price can go up to $10 per piece of information. And if you can’t send yourself cash transfers, the only answer is to send anonymous people cash transfers.

Selling Western Union, MoneyGram, PayPal, and Skrill transfers for 30 percent on the dollar to other anonymous people is both safer for the hacker and more lucrative. Believe it or not, there is an untold number of people who have made tons of cash cleaning hackers’ dirty card data by accepting Western Union and MoneyGram transfers.

Even though this highly secretive underground business has its own share of problems, such as scammers pretending to offer the same services but running off with customers’ money, the business is thriving. This is because Darknet scammers who scam other Darknet users are usually busted out and exposed pretty fast. That’s why there is a review system on Darknet shops after all.



