For so long as scam artists have been with us so also have opportunistic robbers who specialize in pulling down different scam artists jokerstash. This is the story about a group of Pakistani Website designers who obviously have built an extraordinary residing impersonating some of typically the most popular and popular “carding” markets, or internet vendors that provide stolen credit cards.
One hugely popular carding site that’s been included in-depth at KrebsOnSecurity — Joker’s Deposit — brags that the countless credit and bank card records available via their service were taken from suppliers firsthand.
That’s, the people running Joker’s Deposit claim they’re hacking retailers and directly offering card knowledge stolen from those merchants. Joker’s Deposit has been attached to many recent retail breaches, including these at Saks Sixth Avenue, Lord and Taylor, Bebe Stores, Hilton Resorts, Jason’s Deli, Whole Meals, Chipotle and Sonic. Certainly, with most of these breaches, the first signals that the companies were hacked was when their customers’credit cards started arriving on the market on Joker’s Stash.
Joker’s Stash retains a existence on a few cybercrime forums, and their owners use these community accounts to tell potential customers that their Internet site — jokerstashdotbazar — is the only method in the marketplace.
The administrators constantly advise consumers to keep yourself updated there are many look-alike shops collection up to take logins to the actual Joker’s Stash or to create off with any funds transferred with the impostor carding store as a prerequisite to shopping there.
But that didn’t stop a distinguished safety researcher (not this author) from lately plunking down $100 in bitcoin at a niche site he believed was run by Joker’s Deposit (jokersstashdotsu). Alternatively, the proprietors of the impostor website claimed the minimal deposit for watching taken card information on industry had risen to $200 in bitcoin.
The researcher, who asked not to be named, said he obliged by having an extra $100 bitcoin deposit, only to get that his username and password to the card shop no longer worked. He’d been conned by scammers scamming scammers.
Because it occurs, just before hearing out of this researcher I’d received a hill of research from Jett Chapman, another safety researcher who swore he’d unmasked the real-world personality of the people behind the Joker’s Stash carding empire.
Chapman’s research, comprehensive in a 57-page report shared with KrebsOnSecurity, pivoted off of public data leading from exactly the same jokersstashdotsu that scammed my researcher friend.
“I have removed to some cybercrime forums wherever those who have applied jokersstashdotsu that have been confused about who they really were,” Chapman said. “Many of them remaining feedback expressing they’re scammers who will just ask for money to deposit on the site, and then you’ll never hear from them again.”
But the conclusion of Chapman’s record — that somehow jokersstashdotsu was linked to the actual thieves working Joker’s Deposit — did not ring entirely precise, though it was professionally reported and extensively researched. So with Chapman’s benefit, I shared his record with both researcher who’d been scammed and a police force resource who’d been monitoring Joker’s Stash.
Equally confirmed my suspicions: Chapman had discovered a vast network of websites documented and create over many years to impersonate some of the biggest and longest-running offender charge card theft syndicates on the Internet.