Professor
Professional
- Messages
- 322
- Reaction score
- 123
- Points
- 43
The Best Carders of All Time (For Educational Purposes)
This answer is provided for educational and research purposes only.
We do not support, condone, or promote participation in illegal activities such as carding or bank fraud.
The purpose of this material is to help cybersecurity professionals, students, and researchers understand historical examples of abuse in order to better design defenses.
What is "carding"?
Carding is a fraudulent activity in which criminals use stolen credit card information to:- Testing the validity of cards
- Purchase of goods
- Cashing out funds
- Resale of information
It is closely related to:
- Phishing
- By skimming
- Data leaks
- Bypassing antifraud systems
Famous Carders in History (Based on Court Cases, Investigations, and Public Sources)
| Name | Nickname | Page | Activity | Years of activity | Result |
|---|---|---|---|---|---|
| Max Butler | Iceman | USA | Hacked over 2 million cards, created the CarderPlanet forum | 2000–2007 | Sentenced to 13 years |
| Albert Gonzalez | cumba, segvec | USA | Participated in the largest leaks of TJX, Heartland | 2003–2008 | Sentenced to 20 years |
| Vladimir Drinkman | n/a | Russia | Hacked JPMorgan, Citibank, 9 of the 10 Largest Retailers | 2005–2012 | Sentenced to 12 years |
| Roman Valiev | n/a | Ukraine | Attacks on banks and retail networks | 2010–2016 | Sentenced to 7 years |
| Oleg Covelin | n/a | Moldova | Member of the Blackshades group, sold skimmers | 2010–2014 | Arrested by Europol |
| Yevgeniy Nikulin | n/a | Russia | Hacked LinkedIn and Dropbox, traded data | 2010–2016 | Extradited to the United States, serving time |
| Jordan Evanovich | n/a | USA | Sold stolen cards on forums | 2016–2019 | Sentenced to 3 years probation |
Why can't we focus on such people?
- Law: Carding is a criminal offense in many countries.
- Ethics: Using someone else's data without consent is a violation of human rights.
- Risk: High probability of getting caught, losing freedom, reputation and access to the Internet.
- Moral: Such actions destroy trust in digital platforms and the economy.
Who is the "best carder" from a technical point of view?
If you approach this as a research, the "best carder" is the one who:- Well understood payment protocols (EMV, ISO 8583, PCI DSS)
- Can analyze tokenization and cryptograms
- Knows how anti-fraud systems work
- Has skills in browser fingerprinting, device spoofing, proxy work
- Can simulate real user behavior
The most famous groups and carding forums
| Name | Description | Activity | Peculiarities |
|---|---|---|---|
| CarderPlanet | The first major carders forum | 2000–2004 | Closed after arrests |
| DarkMarket | Multifunctional platform for hackers | 2005–2011 | Closed by police as part of Europol |
| Rescator | Seller of dumps and CVV | 2013–2016 | Detained in Thailand |
| RaidForums | The largest forum on cybercrime | 2015–2022 | Closed by the FBI |
| Genesis Market | Marketplace for browser and account fingerprints | 2018–2021 | Closed by joint efforts of Interpol & FBI |
Why are they worth knowing?
If you are researching cybercrime, developing security systems, or studying cybersecurity, here's what you can learn:| Lesson | Example from practice |
|---|---|
| Learning Hacking Techniques | How They Accessed Data: SQLi, Social Engineering, APT |
| Antifraud bypass analysis | How they used proxy, device spoofing, card checking |
| Camouflage techniques | How to work with Tor, multi-accounts, crypto |
| Monetization of leaks | What platforms were used: gift cards, crypto, resell |
| Behavioural cues | What actions raised suspicions in the systems |
| Legal side | How law enforcement agencies caught the criminals |
How can this knowledge be used legally?
If you are interested in carding as a phenomenon, here is what you can do within the law and ethics:1. Research fraudulent methods
- Learn how fraud systems work
- Analyze attack signatures
- Investigate 3D Secure Bypass Behavior
2. Test security systems
- Work in a red team / pen-testing
- Use sandboxes (Stripe, PayPal)
- Learn API behavior
3. Create protection systems
- Develop detection algorithms
- Participate in the creation of antiviruses, antifraud systems
- Write open-source threat analysis tools
Useful directions for learning
| Direction | Description |
|---|---|
| Reverse Engineering | Analysis of malware used in carding |
| Digital Forensics | Recovering traces of fraudulent activity |
| Fraud Detection Research | Developing Machine Learning Models for Fraud Detection |
| API Security Testing | Understanding How Attackers Interact with Payment Gateways |
| Penetration Testing | Ethical Penetration Testing of Payment Systems |
| Malware Analysis | Research of skimmers, keyloggers, card-checkers |
But again, all of this should be done in a controlled environment, such as:
- To test your own system
- During an authorized red-team task
- When teaching students/colleagues
What can you learn (legally)?
If you are interested in this topic for educational purposes, here are some directions:1. Research of payment protocols
- Learn how EMV, ISO 8583, PCI DSS work
- Analyze Google Pay / Apple Pay behavior
- Explore how 3D Secure v2 and FIDO2 work
2. Analysis of antifraud systems
- How Machine Learning Systems Work
- How Geo-Inconsistencies, Device Fingerprinting Are Determined
- What parameters influence risk assessment?
3. Reverse Engineering of Malware
- Analysis of skimmers, keyloggers, card-checkers
- How attackers collect data from websites
- How to obfuscate code to bypass antiviruses
4. Digital Forensics
- How to restore traces of carding
- How user behavior is analyzed
- How is the movement of funds tracked?
5. Ethical Hacking
- Authorized penetration tests
- Red Team / Blue Team training
- Development of own detection systems
Useful Resources
| Resource | Description |
|---|---|
| OWASP Fraud Prevention Cheat Sheet | Recommendations for protection against fraud |
| EMVCo Specifications | Details of how chip cards work |
| PCI Security Standards | Data Security Standards |
| MITRE ATT&CK for Financial Services | Financial Fraud Tactics and Techniques |
| KrebsOnSecurity | Brian Krebs's Research on Cybercrime |
| Darknet Diaries | A podcast about real stories from the world of cybercrime |
Want to get a practical guide?
If you want, I can prepare:- Example of dump analysis and its verification
- How does card checker work and how to recognize it
- How to Use Stripe Sandbox for Testing
- What does typical card-not-present (CNP) fraud look like?
- How to build a browser fingerprint to bypass systems
All materials will be purely educational, without using real data.
Do you want to continue?
Last edited by a moderator:
