One hugely popular carding website that's been covered in depth at KrebsOnSecurity — Joker's Stash — brags that the incredible number of credit and bank card accounts for sale via its service were stolen from merchants firsthand.
That is, the people running Joker's Stash claim they are hacking merchants and directly selling card data stolen from those merchants. Joker's Stash has been linked to several recent retail breaches, including those at Saks Fifth Avenue, Lord and Taylor, Bebe Shops, Hilton Hotels, Jason's Deli, Full Meals, Chipotle and Sonic. Indeed, with these breaches, the very first sign that any of the companies had been hacked was when their customers' credit cards began turning up for sale on Joker's Stash.
Joker's Stash keeps a presence on a few cybercrime forums, and its owners use their forum posts to remind prospective customers that their Web site — jokerstash — is the only way in to the marketplace.
The administrators continually warn buyers to be aware that there are many look-alike shops set up to steal logins to the real Joker's Stash or to make off with any funds deposited with the impostor carding shop as a prerequisite to shopping there.
But that didn't stop a prominent security researcher (not this author) from recently plunking down $100 in bitcoin at a website he believed was run by Joker's Stash (jokersstashdotsu). Instead, the proprietors of the impostor site said the minimum deposit for viewing stolen card data on the marketplace had risen to $200 in bitcoin.
The researcher, who asked not to be named, said he obliged with an additional $100 bitcoin deposit, only to find that his username and password to the card shop no longer worked. He'd been fooled by scammers scamming scammers.
As it happens, just before hearing from this researcher I'd received a mountain of research from Jett Chapman, another security researcher who swore he'd unmasked the real-world identity of the people behind the Joker's Stash carding empire.
Chapman's research, detailed in a 57-page report shared with KrebsOnSecurity, pivoted off of public information leading from the same jokersstashdotsu that scammed my researcher friend.
"I've gone to a couple of cybercrime boards where people who have used jokersstashdotsu were puzzled about who they really were," Chapman said. "Many left feedback saying they are scammers who'll just ask for cash to deposit on the site, and then you'll never hear from them again."
But the conclusion of Chapman's report — that somehow jokersstashdotsu was linked to the real criminals running Joker's Stash — did not ring entirely accurate, although it was well documented and thoroughly researched. So with Chapman's blessing, I shared his report with both the researcher who'd been scammed and a law enforcement source who'd been tracking Joker's Stash.
Both confirmed my suspicions: Chapman had unearthed a vast network of websites registered and set up over several years to impersonate some of the biggest and longest-running criminal credit card theft syndicates on the Internet.