For as long as fraud artists have been with us therefore also have opportunistic thieves who specialize in tearing off other fraud artists. This is actually the story about a small grouping of Pakistani Web page developers who obviously have created an impressive residing impersonating a number of the most popular and well known “carding” markets, or online retailers that promote stolen credit cards.
One extremely common carding website that has been featured in-depth at KrebsOnSecurity — Joker’s Deposit — brags that the countless credit and bank card records available via their company were stolen from vendors firsthand.
That’s, the people working Joker’s Stash say they are hacking merchants and straight selling card knowledge stolen from these merchants. Joker’s Deposit has been attached a number of recent retail breaches, including those at Saks Sixth Avenue, Lord and Taylor, Bebe Shops, Hilton Accommodations, Jason’s Deli, Whole Meals, Chipotle and Sonic. Certainly, with most of these breaches, the initial signs that some of the companies were hacked was when their consumers’credit cards started arriving for sale on Joker’s Stash.
Joker’s Deposit retains a presence on a few cybercrime forums, and their owners use those community reports to remind prospective customers that their Site — jokerstashdotbazar — is the only way into the marketplace.
The administrators constantly warn consumers to keep yourself informed there are many look-alike stores collection around grab logins to the actual Joker’s Stash or to make down with any funds deposited with the impostor carding store as a prerequisite to looking there.
But that didn’t end a prominent safety researcher (not that author) from recently plunking down $100 in bitcoin at a website he believed was run by Joker’s Deposit (jokersstashdotsu). As an alternative, the owners of the impostor site said the minimum deposit for watching stolen card information on industry had risen up to $200 in bitcoin.
The researcher, who asked to not be named, claimed he obliged with an additional $100 bitcoin deposit, only to find that his username and code to the card shop no longer worked. He’d been conned by scammers conning scammers.
Because it occurs, ahead of hearing from this researcher I’d received a mountain of study from Jett Chapman, still another safety researcher who swore he’d unmasked the real-world personality of the people behind the Joker’s Stash carding empire.
Chapman’s study, comprehensive in a 57-page record shared with KrebsOnSecurity, pivoted off of public data major from the same jokersstashdotsu that ripped off my researcher friend.
“I’ve removed to a couple cybercrime boards where those who have applied jokersstashdotsu which were confused about who they really were,” Chapman said. “Most of them left feedback stating they are scammers who’ll just ask for the money to deposit on the site, and then you’ll never hear from their store again.”
But in conclusion of Chapman’s report — that somehow jokerstash was related to the actual thieves operating Joker’s Deposit — didn’t band entirely precise, though it was skillfully reported and thoroughly researched. So with Chapman’s advantage, I provided his report with both researcher who’d been scammed and a law enforcement source who’d been checking Joker’s Stash.
Equally proved my suspicions: Chapman had discovered a vast system of internet sites registered and setup over several years to impersonate a number of the biggest and longest-running offender bank card robbery syndicates on the Internet.