The YouTube video features Lil Wayne rapping over a melancholy beat: “I see that guilt beneath the shame. I see your soul through your window pane.”
Displayed on the screen is a message for aspiring credit card fraudsters.
“Everyone…I’m selling full cc generator…I also sell full cc…Have much more hacking tools, software and other Business to offer. Only serious buyers.”
The pitch for credit card fraud plays alongside an ad for American Express credit cards — which means that the apparent cybercriminal who posted the video may profit not just on the stolen data but also on the ads purchased by the credit card companies that had their data stolen.
The odd set-up, it turns out, is not unique. YouTube is littered with videos marketing stolen credit cards and other tools for criminal ventures. (Many liven up their pitches with unauthorized samplings from famous musicians.)
A report to be released Tuesday by the Digital Citizens Alliance, an Internet safety advocacy organization, blasts Google Inc., YouTube’s parent company, for profiting from ads paired with such videos.
The illicit videos are so common that it’s almost inevitable that legitimate advertisers will get paired with them.
The process begins with a user posting a video onto the site and agreeing to allow ads. If the videos get a certain number of hits, their producers can get a cut of the revenue coming from the ads.
A search of credit card fraud terms reveals the extent of the problem: “CC Fullz” brings up 2,030 videos, according to the report. (Fullz is slang for a full package of identifying information on a credit card holder.) “Buy cc numbers” shows 4,850 results. And “CC info with CW” brings up 8,820 hits.
“Many of these videos are embedded with advertisements, which means that Google is effectively in business with crooks peddling stolen or bogus credit cards,” the report states.
The videos are commonly displayed alongside ads for major companies. In one instance, the accompanying pitch was for Target, a company still reeling from the kind of credit card attacks these videos help facilitate.
Asked about the pairing by The Times, Target spokesman Evan Lapiska said “the ad placement in question is a clear violation of the contract terms with the vendor who manages ad placements online.”
“We are working with them to address this issue as soon as possible,” Lapiska said in a statement.
Target and other advertisers have little control over whether their promotions get paired up with fraud videos. The responsibility for weeding out such videos falls on YouTube and Google.
Tom Galvin, executive director of Digital Citizens Alliance, said Google has failed to implement a systemic fix for keeping such videos from going live.
Galvin acknowledged that it would be untenable for YouTube to check every video that gets uploaded onto the site. But he said common search terms such as “fake credit card numbers” should be vetted.
“YouTube is supposed to be this mainstream site,” Galvin said. “It’s not a good thing when these mainstream sites start looking like the dark corners of the Internet.”
Galvin said he didn’t blame the advertisers, such as Target, who ended up on the illicit videos: “They’re kind of captive to the system.”
Google, which owns YouTube, did not respond to questions from The Times.