For provided that con artists have been with us so also have opportunistic thieves who concentrate in ripping off different fraud artists. Here is the story about several Pakistani Web site designers who apparently have made an impressive living impersonating some of typically the most popular and well-known “carding” markets, or online stores that provide taken credit cards.
One quite popular carding site that’s been presented in-depth at KrebsOnSecurity — Joker’s Stash — brags that the millions of credit and debit card accounts for sale via their service were taken from suppliers firsthand.
That’s, the folks operating Joker’s Stash state they’re hacking merchants and right offering card knowledge taken from those merchants. Joker’s Stash has been linked to many recent retail breaches, including these at Saks Sixth Avenue, Master and Taylor, Bebe Stores, Hilton Lodges, Jason’s Deli, Whole Ingredients, Chipotle and Sonic. Indeed, with these types of breaches, the initial signals that some of the businesses were hacked was when their customers’credit cards began showing up available on Joker’s Stash.
Joker’s Stash maintains a existence on many cybercrime boards, and its homeowners use these community reports to remind potential customers that its Site — jokerstashdotbazar — is the only method in to the marketplace.
The administrators continually warn consumers to keep yourself updated there are many look-alike stores set around grab logins to the real Joker’s Deposit or to produce off with any resources deposited with the impostor carding shop as a prerequisite to searching there.
But that didn’t stop a outstanding protection researcher (not that author) from lately plunking down $100 in bitcoin at a site he thought was work by Joker’s Deposit (jokerstash). Instead, the managers of the impostor website claimed the minimal deposit for observing taken card data on industry had risen to $200 in bitcoin.
The researcher, who asked never to be named, claimed he obliged with an extra $100 bitcoin deposit, only to locate that his username and password to the card shop no more worked. He’d been fooled by scammers scamming scammers.
Because it occurs, prior to hearing using this researcher I’d acquired a hill of study from Jett Chapman, still another protection researcher who swore he’d unmasked the real-world identification of the people behind the Joker’s Stash carding empire.
Chapman’s study, comprehensive in a 57-page record shared with KrebsOnSecurity, pivoted away from public data leading from the same jokersstashdotsu that scammed my researcher friend.
“I have gone to some cybercrime boards wherever individuals who have applied jokersstashdotsu which were puzzled about who they actually were,” Chapman said. “Most of them remaining feedback saying they are scammers who will only question for the money to deposit on the site, and then you’ll never hear from their store again.”
But the final outcome of Chapman’s report — that somehow jokersstashdotsu was related to the real thieves running Joker’s Stash — did not ring completely correct, though it was skillfully documented and thoroughly researched. Therefore with Chapman’s benefit, I discussed his report with the researcher who’d been scammed and a police force supply who’d been monitoring Joker’s Stash.
Equally proved my suspicions: Chapman had unearthed a great network of sites documented and put up over a long period to impersonate a number of the biggest and longest-running criminal charge card theft syndicates on the Internet.