For as long as scam artists have been around, so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story of several Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well-known “carding” markets, or online stores that sell stolen credit cards.
One hugely popular carding site that has been featured in-depth at KrebsOnSecurity — Joker’s Stash — brags that the countless credit and debit card accounts for sale via their service were stolen from merchants firsthand.
That is, the people running Joker’s Stash say they are hacking merchants and directly selling card data stolen from those merchants. Joker’s Stash has been tied to a number of recent retail breaches, including those at Saks Fifth Avenue, Lord and Taylor, Bebe Stores, Hilton Hotels, Jason’s Deli, Whole Foods, Chipotle and Sonic. Indeed, with many of these breaches, the very first sign that any of the companies had been hacked was when their customers’ credit cards began turning up for sale on Joker’s Stash.
Joker’s Stash maintains a presence on several cybercrime forums, and its owners use those forum accounts to remind prospective customers that its Web site — jokerstashdotbazar — is the only way into the marketplace.
The administrators constantly warn buyers to be aware that there are many look-alike shops set up to steal logins to the real Joker’s Stash or to make off with any funds deposited with the impostor carding shop as a prerequisite to shopping there.
But that did not stop a prominent security researcher (not this author) from recently plunking down $100 in bitcoin at a site he thought was run by Joker’s Stash (jokersstashdotsu). Instead, the proprietors of the impostor site claimed the minimum deposit for viewing stolen card data on the marketplace had increased to $200 in bitcoin.
The researcher, who asked not to be named, said he obliged with an additional $100 bitcoin deposit, only to find that his username and password to the card shop no longer worked. He’d been conned by scammers scamming scammers.
As it happens, prior to hearing from this researcher I had received a mountain of research from Jett Chapman, another security researcher who swore he’d unmasked the real-world identity of the people behind the Joker’s Stash carding empire.
Chapman’s research, detailed in a 57-page report shared with KrebsOnSecurity, pivoted off of public information leading from the same jokersstashdotsu that ripped off my researcher friend.
“I’ve gone to a few cybercrime forums where people who have used jokersstashdotsu were puzzled about who they actually were,” Chapman said. “Many left feedback saying they are scammers who will only ask for the money to deposit on the site, and then you may never hear from their store again.”
But the conclusion of Chapman’s report — that somehow jokersstashdotsu was related to the real criminals running Joker’s Stash — didn’t ring entirely accurate, although it was expertly documented and thoroughly researched. So with Chapman’s blessing, I shared his report with both the researcher who’d been scammed and a law enforcement source who’d been tracking Joker’s Stash.
Both confirmed my suspicions: Chapman had unearthed a vast network of sites registered and set up over several years to impersonate some of the biggest and longest-running criminal credit card theft syndicates on the Internet.