For provided that scam musicians have been with us so too have opportunistic thieves who specialize in tearing down other fraud artists. This is actually the history about a group of Pakistani Website manufacturers who obviously have built an extraordinary living impersonating a number of the most used and popular “carding” areas, or online stores that offer taken credit cards.
One hugely common carding site that’s been featured in-depth at KrebsOnSecurity — Joker’s Deposit — brags that the countless credit and debit card records for sale via their service were stolen from retailers firsthand.
That is, the folks working Joker’s Stash say they’re hacking retailers and immediately offering card information taken from those merchants. Joker’s Deposit has been linked a number of new retail breaches, including those at Saks Sixth Avenue, Master and Taylor, Bebe Shops, Hilton Accommodations, Jason’s Deli, Whole Ingredients, Chipotle and Sonic. Certainly, with most of these breaches, the initial signs that any of the businesses were hacked was when their customers’credit cards began arriving on the market on Joker’s Stash.
Joker’s Stash retains a existence on several cybercrime boards, and its owners use these community records to tell potential clients that their Web site — jokerstash— is the only method into the marketplace.
The administrators constantly advise consumers to keep yourself informed there are lots of look-alike shops set up to take logins to the actual Joker’s Stash or to make off with any funds deposited with the impostor carding store as a prerequisite to buying there.
But that did not stop a outstanding security researcher (not that author) from recently plunking down $100 in bitcoin at a site he believed was run by Joker’s Deposit (jokersstashdotsu). As an alternative, the masters of the impostor website said the minimal deposit for seeing taken card data on the marketplace had risen to $200 in bitcoin.
The researcher, who asked to not be named, claimed he obliged by having an additional $100 bitcoin deposit, only to locate that his username and password to the card store no more worked. He’d been fooled by scammers conning scammers.
Because it occurs, ahead of hearing out of this researcher I’d acquired a hill of research from Jett Chapman, another security researcher who swore he’d unmasked the real-world personality of individuals behind the Joker’s Stash carding empire.
Chapman’s research, detail by detail in a 57-page record shared with KrebsOnSecurity, pivoted away from community information leading from the same jokersstashdotsu that ripped off my researcher friend.
“I have gone to a couple cybercrime forums where those who have used jokersstashdotsu that have been confused about who they really were,” Chapman said. “Many left feedback expressing they’re scammers who’ll just question for the money to deposit on the site, and then you might never hear from their store again.”
But the conclusion of Chapman’s record — that somehow jokersstashdotsu was related to the actual thieves operating Joker’s Deposit — didn’t ring absolutely precise, though it was properly reported and completely researched. So with Chapman’s blessing, I distributed his record with both the researcher who’d been scammed and a police force supply who’d been checking Joker’s Stash.
Equally confirmed my suspicions: Chapman had uncovered a huge system of websites registered and set up over a long period to impersonate a few of the greatest and longest-running criminal charge card robbery syndicates on the Internet.