Statistics from a phisher’s list

Yesterday night I was following some security related forums and some person posted a phishing kit for a popular bank from Romania.  A phishing kit is a collection of scripts to help a script kiddie launch a phishing exploit and steal data such as credit card information, passwords.  While looking through the contents of this phishing kit, to my surprise I found a log file containing many valid credit card numbers and other sensitive information. The phishing kit author posted his own kit on the forums but forgot to delete the log file before doing so.
The log file contained the following information:

Name
Address
Town/City
Phone Number
CNP
Credit Card Number
Credit Card Expiry Month
Credit Card Expiry Year
CVV (Credit Card Code)

There is one piece of information that is more interesting than others; CNP.  In Romania every citizen has a Personal Numeric Code (Cod Numeric Personal – CNP), which is created by using the citizen’s gender and century of birth, date of birth, the country zone, followed by a serial number and a checksum.
I’ve quickly made a Python script to parse the CNP data, validate it and extract the interesting information such as gender and date of birth, to get some interesting statistics.  I’ve also computed the CNP checksum to make sure the number is valid and exclude bogus numbers.  Below is what (continue reading...)