For as long as scam artists have been with us therefore too have opportunistic robbers who concentrate in ripping down different fraud artists. This is actually the history about a group of Pakistani Internet site designers who apparently have produced an impressive residing impersonating a few of the most popular and well-known “carding” areas, or online retailers that offer stolen credit cards.
One very popular carding website that’s been included in-depth at KrebsOnSecurity — Joker’s Stash — brags that the countless credit and debit card accounts for sale via their support were taken from retailers firsthand.
That’s, the people working Joker’s Stash state they are coughing merchants and straight selling card information stolen from those merchants. Joker’s Stash has been tied to several recent retail breaches, including these at Saks Sixth Avenue, Master and Taylor, Bebe Stores, Hilton Resorts, Jason’s Deli, Whole Meals, Chipotle and Sonic. Indeed, with many of these breaches, the very first signs that some of the organizations were hacked was when their clients’charge cards started showing up for sale on Joker’s Stash.
Joker’s Stash retains a presence on many cybercrime forums jokerstash, and its homeowners use these community records to tell potential clients that their Internet site — jokerstashdotbazar — is the only path in to the marketplace.
The administrators constantly advise buyers to be aware there are numerous look-alike stores set as much as take logins to the real Joker’s Deposit or to make down with any resources settled with the impostor carding store as a prerequisite to looking there.
But that didn’t stop a distinguished security researcher (not this author) from recently plunking down $100 in bitcoin at a site he thought was run by Joker’s Stash (jokersstashdotsu). As an alternative, the proprietors of the impostor site claimed the minimum deposit for watching stolen card data on the market had risen up to $200 in bitcoin.
The researcher, who requested not to be named, claimed he obliged having an extra $100 bitcoin deposit, only to locate that his username and code to the card store no more worked. He’d been fooled by scammers scamming scammers.
Since it happens, prior to experiencing using this researcher I’d acquired a pile of study from Jett Chapman, still another protection researcher who swore he’d unmasked the real-world personality of the people behind the Joker’s Deposit carding empire.
Chapman’s study, detailed in a 57-page report shared with KrebsOnSecurity, pivoted off of public information major from the exact same jokersstashdotsu that scammed my researcher friend.
“I’ve gone to some cybercrime forums where people who have applied jokersstashdotsu that have been confused about who they really were,” Chapman said. “Many of them left feedback saying they’re scammers who’ll only question for money to deposit on the website, and then you’ll never hear from their website again.”
But the conclusion of Chapman’s record — that somehow jokersstashdotsu was related to the actual thieves working Joker’s Deposit — didn’t ring completely accurate, though it was properly noted and completely researched. So with Chapman’s benefit, I discussed his record with both researcher who’d been scammed and a police force source who’d been checking Joker’s Stash.
Both confirmed my suspicions: Chapman had unearthed a great network of web sites registered and put up over many years to impersonate a few of the greatest and longest-running offender charge card robbery syndicates on the Internet.