For so long as scam musicians have been around so too have opportunistic thieves who specialize in pulling off other fraud artists. This is actually the story about a group of Pakistani Web site manufacturers who obviously have produced an impressive living impersonating a number of typically the most popular and popular “carding” markets, or online retailers that sell stolen credit cards.
One extremely popular carding site that’s been included in-depth at KrebsOnSecurity — Joker’s Deposit — brags that the millions of credit and debit card reports available via their company were stolen from vendors firsthand.
That is, the folks running Joker’s Stash say they are hacking retailers and immediately selling card knowledge taken from these merchants. Joker’s Stash has been attached to many recent retail breaches, including these at Saks Sixth Avenue, Master and Taylor, Bebe Shops, Hilton Accommodations, Jason’s Deli, Full Foods, Chipotle and Sonic. Certainly, with these types of breaches, the first signs that the organizations were hacked was when their customers’charge cards began turning up available on Joker’s Stash.
Joker’s Stash maintains a existence on many cybercrime boards, and its homeowners use these forum records to remind potential customers that their Website — jokerstashdotbazar — is the only way in to the marketplace.
The administrators constantly warn buyers to keep yourself informed there are many look-alike stores collection up to steal logins to the actual jokerstash Deposit or to create off with any resources placed with the impostor carding store as a prerequisite to buying there.
But that did not stop a prominent protection researcher (not this author) from lately plunking down $100 in bitcoin at a site he thought was work by Joker’s Stash (jokersstashdotsu). Instead, the masters of the impostor website said the minimal deposit for observing taken card knowledge on the market had risen up to $200 in bitcoin.
The researcher, who asked not to be named, said he obliged by having an additional $100 bitcoin deposit, only to locate that his username and code to the card shop no longer worked. He’d been fooled by scammers scamming scammers.
Because it occurs, just before reading out of this researcher I’d obtained a mountain of research from Jett Chapman, yet another safety researcher who swore he’d unmasked the real-world personality of the folks behind the Joker’s Deposit carding empire.
Chapman’s research, comprehensive in a 57-page record distributed to KrebsOnSecurity, pivoted from community information primary from exactly the same jokersstashdotsu that cheated my researcher friend.
“I have gone to a few cybercrime forums wherever those who have used jokersstashdotsu which were puzzled about who they really were,” Chapman said. “Most of them remaining feedback stating they’re scammers who’ll only question for money to deposit on the website, and then you might never hear from their store again.”
But in conclusion of Chapman’s report — that somehow jokersstashdotsu was related to the true criminals operating Joker’s Deposit — didn’t ring absolutely correct, although it was skillfully reported and thoroughly researched. Therefore with Chapman’s blessing, I discussed his report with both the researcher who’d been scammed and a police supply who’d been checking Joker’s Stash.
Equally proved my suspicions: Chapman had unearthed a vast system of web sites listed and create around a long period to impersonate a few of the biggest and longest-running criminal credit card robbery syndicates on the Internet.