For provided that con musicians have existed so too have opportunistic thieves who concentrate in pulling off different scam artists. Here is the history about several Pakistani Website makers who apparently have built an extraordinary living impersonating a few of the most popular and popular “carding” markets, or online retailers that provide stolen credit cards.
One very common carding website that’s been included in-depth at KrebsOnSecurity — Joker’s Stash — brags that the an incredible number of credit and bank card records available via their company were taken from retailers firsthand.
That’s, the people operating Joker’s Stash say they are coughing suppliers and directly offering card data stolen from those merchants. Joker’s Stash has been linked to several new retail breaches, including these at Saks Sixth Avenue, Lord and Taylor, Bebe Shops, Hilton Accommodations, Jason’s Deli, Whole Foods, Chipotle and Sonic. Certainly, with many of these breaches, the first signals that some of the businesses were hacked was when their consumers’bank cards started arriving for sale on Joker’s Stash.
Joker’s Deposit maintains a existence on a few cybercrime forums jokerstash, and its owners use those forum accounts to tell potential clients that its Web site — jokerstashdotbazar — is the only path in to the marketplace.
The administrators continually advise buyers to be aware there are lots of look-alike stores set around grab logins to the actual Joker’s Deposit or to make off with any resources deposited with the impostor carding store as a prerequisite to shopping there.
But that did not end a distinguished protection researcher (not that author) from recently plunking down $100 in bitcoin at a website he thought was work by Joker’s Deposit (jokersstashdotsu). Alternatively, the entrepreneurs of the impostor website said the minimum deposit for seeing taken card data on industry had increased to $200 in bitcoin.
The researcher, who asked to not be named, claimed he obliged having an extra $100 bitcoin deposit, just to find that his username and code to the card shop no more worked. He’d been conned by scammers conning scammers.
As it occurs, just before hearing using this researcher I’d received a pile of research from Jett Chapman, still another security researcher who swore he’d unmasked the real-world personality of individuals behind the Joker’s Deposit carding empire.
Chapman’s study, step-by-step in a 57-page record shared with KrebsOnSecurity, pivoted away from community data primary from the exact same jokersstashdotsu that cheated my researcher friend.
“I’ve gone to some cybercrime forums wherever people who have used jokersstashdotsu that have been puzzled about who they actually were,” Chapman said. “Most of them left feedback saying they’re scammers who will just ask for cash to deposit on the site, and then you may never hear from their store again.”
But the final outcome of Chapman’s report — that somehow jokersstashdotsu was related to the true criminals running Joker’s Deposit — did not ring completely appropriate, although it was professionally noted and carefully researched. So with Chapman’s blessing, I shared his report with both researcher who’d been scammed and a police resource who’d been tracking Joker’s Stash.
Both proved my suspicions: Chapman had unearthed a great network of sites listed and set up over many years to impersonate a number of the greatest and longest-running offender bank card theft syndicates on the Internet.