For so long as fraud artists have existed therefore too have opportunistic robbers who concentrate in tearing off different fraud artists. This is the story about a small grouping of Pakistani Web site designers who seemingly have created an impressive living impersonating a few of the most used and well known “carding” markets, or online stores that offer taken credit cards.
One quite common carding site that’s been presented in-depth at KrebsOnSecurity — Joker’s Stash — brags that the millions of credit and bank card records on the market via their company were taken from vendors firsthand.
That is, the people running Joker’s Deposit say they’re coughing vendors and straight selling card information stolen from these merchants. Joker’s Stash has been attached a number of recent retail breaches, including these at Saks Sixth Avenue, Master and Taylor, Bebe Shops, Hilton Hotels, Jason’s Deli, Whole Meals, Chipotle and Sonic. Indeed, with many of these breaches, the initial signals that the organizations were hacked was when their clients’bank cards began arriving available on Joker’s Stash.
Joker’s Stash maintains a presence on many cybercrime forums, and their homeowners use these forum records to remind potential customers that its Web site — jokerstashdotbazar — is the only path in the marketplace.
The administrators constantly warn customers to keep yourself updated there are many look-alike shops collection around grab logins to the real Joker’s Deposit or to produce off with any resources settled with the impostor carding shop as a prerequisite to searching there.
But that did not end a prominent security researcher (not this author) from lately plunking down $100 in bitcoin at a niche site he believed was work by Joker’s Deposit (jokersstashdotsu). Alternatively, the managers of the impostor site said the minimal deposit for observing taken card information on industry had increased to $200 in bitcoin.
The researcher, who asked never to be named, claimed he obliged having an extra $100 bitcoin deposit, only to locate that his username and password to the card shop no more worked. He’d been fooled by scammers conning scammers.
Because it happens, just before hearing using this researcher I’d received a pile of study from Jett Chapman, still another safety researcher who swore he’d unmasked the real-world personality of individuals behind the Joker’s Deposit carding empire.
Chapman’s research, comprehensive in a 57-page report shared with KrebsOnSecurity, pivoted off of community data major from the exact same jokersstashdotsu that ripped off my researcher friend.
“I’ve gone to some cybercrime forums wherever people who have used jokersstashdotsu that have been confused about who they really were,” Chapman said. “Most of them remaining feedback stating they are scammers who will only ask for money to deposit on the internet site, and then you might never hear from their store again.”
But in conclusion of Chapman’s report — that somehow jokersstashdotsu was linked to the true thieves running Joker’s Stash — did not band absolutely correct jokerstash, although it was professionally reported and completely researched. So with Chapman’s benefit, I distributed his record with the researcher who’d been scammed and a police source who’d been tracking Joker’s Stash.
Equally confirmed my suspicions: Chapman had discovered a huge network of websites listed and put up around a long period to impersonate a few of the biggest and longest-running criminal bank card theft syndicates on the Internet.