For as long as scam musicians have been with us therefore too have opportunistic thieves who concentrate in ripping down other con artists. Here is the story about a small grouping of Pakistani Web page developers who obviously have created an extraordinary residing impersonating some of typically the most popular and well-known “carding” markets, or online retailers that promote taken credit cards.
One wildly popular carding website that has been presented in-depth at jokerstash— Joker’s Deposit — brags that the millions of credit and bank card records available via their support were taken from suppliers firsthand.
That is, the folks working Joker’s Stash state they’re hacking retailers and right offering card knowledge taken from those merchants. Joker’s Stash has been attached to several recent retail breaches, including these at Saks Fifth Avenue, Master and Taylor, Bebe Shops, Hilton Resorts, Jason’s Deli, Full Foods, Chipotle and Sonic. Indeed, with these types of breaches, the very first signs that some of the companies were hacked was when their customers’credit cards started turning up available on Joker’s Stash.
Joker’s Stash maintains a existence on a few cybercrime forums, and its owners use these community accounts to remind prospective consumers that their Web page — jokerstashdotbazar — is the only method into the marketplace.
The administrators continually advise consumers to be aware there are lots of look-alike shops set around take logins to the actual Joker’s Deposit or to produce off with any resources deposited with the impostor carding shop as a prerequisite to searching there.
But that didn’t end a prominent safety researcher (not this author) from lately plunking down $100 in bitcoin at a niche site he believed was work by Joker’s Deposit (jokersstashdotsu). Alternatively, the owners of the impostor website said the minimal deposit for observing stolen card knowledge on the marketplace had increased to $200 in bitcoin.
The researcher, who asked never to be called, claimed he obliged by having an extra $100 bitcoin deposit, just to get that his username and password to the card shop no further worked. He’d been conned by scammers scamming scammers.
Because it happens, just before hearing from this researcher I’d obtained a hill of study from Jett Chapman, yet another security researcher who swore he’d unmasked the real-world identification of the people behind the Joker’s Stash carding empire.
Chapman’s research, step-by-step in a 57-page record distributed to KrebsOnSecurity, pivoted from community information major from the same jokersstashdotsu that cheated my researcher friend.
“I’ve removed to some cybercrime boards where those who have applied jokersstashdotsu which were puzzled about who they actually were,” Chapman said. “Most of them left feedback saying they are scammers who will just question for cash to deposit on the webpage, and then you’ll never hear from their store again.”
But the conclusion of Chapman’s record — that somehow jokersstashdotsu was linked to the true thieves working Joker’s Stash — didn’t ring fully correct, although it was properly documented and totally researched. So with Chapman’s blessing, I discussed his report with both researcher who’d been scammed and a police force source who’d been monitoring Joker’s Stash.
Both proved my suspicions: Chapman had uncovered a huge system of sites documented and setup around several years to impersonate a few of the biggest and longest-running criminal bank card theft syndicates on the Internet.