For so long as con musicians have been with us therefore too have opportunistic thieves who focus in ripping down other con artists. This is the story about a group of Pakistani Web page makers who seemingly have produced an impressive living impersonating a few of the most used and popular “carding” areas, or online stores that provide stolen credit cards.
One very common carding website that’s been included in-depth at KrebsOnSecurity — Joker’s Stash — brags that the countless credit and debit card records on the market via their service were stolen from suppliers firsthand.
That’s, the folks operating Joker’s Stash say they are coughing suppliers and directly offering card information stolen from those merchants. Joker’s Stash has been tied a number of new retail breaches, including those at Saks Fifth Avenue, Lord and Taylor, Bebe Shops, Hilton Resorts, Jason’s Deli, Full Ingredients, Chipotle and Sonic. Indeed, with most of these breaches, the first signals that the organizations were hacked was when their consumers’bank cards started arriving available on Joker’s Stash.
Joker’s Deposit keeps a presence on many cybercrime boards, and their owners use these community accounts to tell prospective clients that their Website — jokerstashdotbazar — is the only method into the marketplace.
The administrators constantly advise consumers to keep yourself informed there are numerous look-alike stores set as much as grab logins to the true Joker’s Stash or to make off with any resources deposited with the impostor carding shop as a prerequisite to buying there.
But that didn’t stop a outstanding security researcher (not that author) from recently plunking down $100 in bitcoin at a website he thought was run by Joker’s Deposit (jokersstashdotsu). As an alternative, the proprietors of the impostor website claimed the minimal deposit for observing taken card knowledge on the marketplace had increased to $200 in bitcoin.
The researcher, who requested never to be named, claimed he obliged having an extra $100 bitcoin deposit, only to get that his username and code to the card shop no longer worked. He’d been conned by scammers conning scammers.
As it occurs, prior to hearing from this researcher I’d received a pile of study from Jett Chapman, yet another safety researcher who swore he’d unmasked the real-world identity of the people behind the Joker’s Stash carding empire.
Chapman’s study, step-by-step in a 57-page report shared with KrebsOnSecurity, pivoted off of community information major from the exact same jokersstashdotsu that cheated my researcher friend.
“I’ve gone to some cybercrime forums where individuals who have applied jokersstashdotsu that have been confused about who they actually were,” Chapman said. “Most of them remaining feedback expressing they are scammers who’ll just ask for the money to deposit on the website jokerstash, and then you’ll never hear from their website again.”
But the conclusion of Chapman’s report — that somehow jokersstashdotsu was related to the true criminals working Joker’s Deposit — didn’t ring entirely exact, though it was properly reported and thoroughly researched. Therefore with Chapman’s advantage, I shared his report with both researcher who’d been scammed and a police supply who’d been tracking Joker’s Stash.