One quite popular carding site that has been included in-depth at KrebsOnSecurity — Joker’s Deposit — brags that the millions of credit and bank card records available via their company were taken from suppliers firsthand.
That’s, the people running Joker’s Stash state they are coughing suppliers and directly selling card knowledge stolen from these merchants. Joker’s Deposit has been attached a number of recent retail breaches, including these at Saks Fifth Avenue, Master and Taylor, Bebe Stores, Hilton Resorts, Jason’s Deli, Whole Meals, Chipotle and Sonic. Certainly, with most of these breaches, the initial signals that some of the organizations were hacked was when their customers’charge cards began arriving for sale on Joker’s Stash.
Joker’s Deposit keeps a existence on a few cybercrime boards, and its homeowners use these community records to remind potential clients that its Internet site — jokerstashdotbazar — is the only way in to the marketplace.
The administrators constantly warn buyers to be aware there are numerous look-alike shops collection as much as steal logins to the true Joker’s Stash or to produce off with any funds settled with the impostor carding store as a prerequisite to searching there.
But that didn’t stop a prominent protection researcher (not that author) from lately plunking down $100 in bitcoin at a website he thought was work by Joker’s Deposit (jokersstashdotsu). Instead, the managers of the impostor website claimed the minimum deposit for viewing taken card knowledge on the marketplace had risen up to $200 in bitcoin.
The researcher, who asked to not be called, said he obliged with an additional $100 bitcoin deposit, just to locate that his username and password to the card store no further worked. He’d been conned by scammers conning scammers.
As it occurs, prior to hearing out of this researcher I’d received a hill of study from Jett Chapman, another safety researcher who swore he’d unmasked the real-world identity of individuals behind the Joker’s Deposit carding empire.
Chapman’s research, detail by detail in a 57-page record distributed to KrebsOnSecurity, pivoted away from public data major from the same jokersstashdotsu that ripped off my researcher friend.
“I’ve gone to a couple cybercrime forums wherever those who have used jokersstashdotsu that were puzzled about who they actually were jokerstash,” Chapman said. “Many remaining feedback saying they’re scammers who will only question for the money to deposit on the webpage, and then you might never hear from them again.”
But the conclusion of Chapman’s report — that somehow jokersstashdotsu was related to the actual criminals operating Joker’s Stash — did not band totally exact, although it was skillfully noted and totally researched. So with Chapman’s benefit, I discussed his record with both researcher who’d been scammed and a police source who’d been checking Joker’s Stash.
Equally confirmed my suspicions: Chapman had unearthed a huge system of websites listed and put up over several years to impersonate a few of the greatest and longest-running offender charge card robbery syndicates on the Internet.