For so long as scam musicians have been with us therefore also have opportunistic robbers who specialize in pulling off different scam artists. This is actually the history about several Pakistani Internet site manufacturers who apparently have created an impressive living impersonating a few of the most popular and well-known “carding” areas, or online retailers that provide stolen credit cards.
One hugely popular carding site that has been highlighted in-depth at KrebsOnSecurity — jokerstash Deposit — brags that the millions of credit and debit card reports on the market via their company were taken from suppliers firsthand.
That is, the people running Joker’s Stash state they’re hacking retailers and right offering card information stolen from those merchants. Joker’s Stash has been linked to many new retail breaches, including those at Saks Fifth Avenue, Lord and Taylor, Bebe Stores, Hilton Hotels, Jason’s Deli, Full Meals, Chipotle and Sonic. Certainly, with these types of breaches, the initial signals that some of the organizations were hacked was when their consumers’charge cards began showing up on the market on Joker’s Stash.
Joker’s Deposit retains a presence on several cybercrime forums, and their owners use these forum accounts to remind potential clients that its Internet site — jokerstashdotbazar — is the only path into the marketplace.
The administrators continually warn buyers to keep yourself updated there are numerous look-alike stores set around steal logins to the real Joker’s Stash or to produce down with any funds transferred with the impostor carding shop as a prerequisite to buying there.
But that did not end a outstanding safety researcher (not that author) from lately plunking down $100 in bitcoin at a website he believed was work by Joker’s Stash (jokersstashdotsu). Alternatively, the owners of the impostor site said the minimal deposit for observing stolen card information on the marketplace had risen to $200 in bitcoin.
The researcher, who requested never to be named, said he obliged by having an additional $100 bitcoin deposit, only to find that his username and password to the card store no further worked. He’d been conned by scammers conning scammers.
Because it occurs, prior to experiencing using this researcher I’d obtained a hill of research from Jett Chapman, yet another protection researcher who swore he’d unmasked the real-world identity of the people behind the Joker’s Deposit carding empire.
Chapman’s study, detail by detail in a 57-page report distributed to KrebsOnSecurity, pivoted off of public information leading from the same jokersstashdotsu that cheated my researcher friend.
“I’ve gone to a couple cybercrime boards wherever those who have used jokersstashdotsu that have been puzzled about who they really were,” Chapman said. “Most of them remaining feedback expressing they are scammers who’ll just ask for cash to deposit on the webpage, and then you might never hear from them again.”
But in conclusion of Chapman’s report — that somehow jokersstashdotsu was linked to the actual criminals operating Joker’s Deposit — didn’t band totally accurate, though it was professionally reported and totally researched. So with Chapman’s benefit, I discussed his report with both researcher who’d been scammed and a police source who’d been checking Joker’s Stash.
Equally confirmed my suspicions: Chapman had uncovered a great network of web sites registered and setup around a long period to impersonate a number of the biggest and longest-running criminal bank card robbery syndicates on the Internet.