Andrew Moloney, business director for financial services for RSA, part of EMC, during a presentation at the International e-crime Congress in London revealed the name of a sophisticated tool hackers are using to sell information such as credit-card numbers or e-mail addresses. Called, CarderIM, the program is a part of an underground economy dealing in financial data, showing the increased effort hackers are making to obscure their activities while using the Internet as a means to communicate with other criminals. Andrew Moloney, stated: "They're even investing in their own custom tools, their own places to work."

    The name, CarderIM, is a direct reference to the practice of "carding," or converting stolen credit-card details into cash or goods. Carding is a term used by fraudsters for a process they use to verify that sets of stolen credit card data are still valid. The fraudster will present each set of credit card details in turn on a website that has real-time transaction processing, making a purchase for a very small monetary amount so as not to use up the card's credit limit, and so as not to attract the attention of a human reviewer to the transaction. CarderIM's logo is funny: two overlapping half suns in the same red-and-yellow tones similar to MasterCard International's logo.

    Most of the time, the hackers who obtain credit-card numbers are not interested to convert the data into cash. But amongs them, a few want to make financial profit. Data buyers and sellers are constantly on the lookout for the "rippers" -- security experts or police who are gathering data on them, Moloney said. It's not known how widely CarderIM is being used, but its distribution appears to be limited, Moloney said. Searches through Google uncover a few passing but incomplete references to the program and find a copy of it it`s not easy.
Moloney stated: "To get ahold of it CarderIM you need to be part of one of the trusted groups, which we have agents within." During this presentation, Moloney showed a screenshot of an advertisement for CarderIM, which addressed the need to "secure the scene." The application supposedly uses encrypted servers that are "offshore" and does not record IM conversations.

"They know that we watch and listen," Moloney said. They Need a more secure IM application, because most of the free ones, transmit messages in clear text (not encrypted), which can be intercepted.