For so long as scam musicians have been around so also have opportunistic thieves who specialize in ripping down other fraud artists. Here is the story about several Pakistani Web site designers who apparently have made an impressive living impersonating a number of the most popular and popular “carding” markets, or online stores that provide taken credit cards.
One wildly popular carding website that has been featured in-depth at KrebsOnSecurity — Joker’s Deposit — brags that the millions of credit and debit card records on the market via their company were stolen from retailers firsthand.
That’s, the folks working Joker’s Deposit claim they are hacking merchants and immediately selling card information taken from those merchants. Joker’s Stash has been tied to several new retail breaches, including those at Saks Fifth Avenue, Lord and Taylor, Bebe Stores, Hilton Lodges, Jason’s Deli, Whole Foods, Chipotle and Sonic. Certainly, with most of these breaches, the first signals that the organizations were hacked was when their customers’bank cards began showing up on the market on Joker’s Stash.
Joker’s Stash maintains a existence on many cybercrime boards, and its homeowners use these community reports to tell prospective clients that their Site — jokerstashdotbazar — is the only way in the marketplace.
The administrators continually advise customers to keep yourself informed there are many look-alike shops set as much as take logins to the actual Joker’s Deposit or to create off with any funds settled with the impostor carding shop as a prerequisite to looking there.
But that did not stop a prominent security researcher (not this author) from lately plunking down $100 in bitcoin at a website he thought was run by Joker’s Stash (jokerstash). Alternatively, the managers of the impostor site said the minimum deposit for observing taken card knowledge on industry had increased to $200 in bitcoin.
The researcher, who requested not to be called, claimed he obliged with an additional $100 bitcoin deposit, just to find that his username and password to the card store no further worked. He’d been fooled by scammers scamming scammers.
As it occurs, prior to reading from this researcher I’d acquired a mountain of research from Jett Chapman, still another security researcher who swore he’d unmasked the real-world identity of the folks behind the Joker’s Stash carding empire.
Chapman’s research, detailed in a 57-page record shared with KrebsOnSecurity, pivoted off of community data major from the same jokersstashdotsu that ripped off my researcher friend.
“I’ve removed to some cybercrime boards wherever individuals who have used jokersstashdotsu that were puzzled about who they really were,” Chapman said. “Many of them left feedback stating they are scammers who’ll just question for cash to deposit on the internet site, and then you may never hear from their website again.”
But the conclusion of Chapman’s record — that somehow jokersstashdotsu was related to the real criminals working Joker’s Stash — didn’t ring totally exact, although it was properly reported and totally researched. So with Chapman’s benefit, I shared his report with both the researcher who’d been scammed and a law enforcement resource who’d been monitoring Joker’s Stash.
Equally proved my suspicions: Chapman had discovered a huge network of internet sites documented and create over several years to impersonate some of the greatest and longest-running offender credit card robbery syndicates on the Internet.