Carder stole $36,000,000 but made a mistake

Cloned Boy

How to steal $36,000,000 and almost not get caught? The story of Quickshift, one of the most sophisticated fraudsters of the digital age. In this topic, you will learn how an ordinary system administrator turned into a world-class carder using fake POS terminals and payment system vulnerabilities.

Skimming, fake terminals, cyber warfare and digital doubles - this is not fiction, but a real story revealed from the inside. We will show how the largest card fraud scheme worked, bringing in tens of millions of dollars ... and how just one mistake led to its collapse.

This topic is not only about crime, but also about technology, system vulnerabilities and the price paid by those who cross the line.

⚠️ Warning: if you have ever used a bank card in a cafe, store or street kiosk - you should read this topic to the end!

🚨 Important: All information is for educational purposes only. We do not promote or encourage any illegal activity. We encourage all readers to exercise caution online.


Contents:
  • How Skimming and PIN Interception Work
  • How Fake Payment Terminals Are Created
  • Darknet, cryptocurrencies and money laundering
  • Who is Solaris and how did he help build an "empire"
  • Why their scheme went unnoticed for almost 4 years
  • How it all collapsed because of new competitors
  • How many such schemes exist today?

Hello, friends! Today I will tell you a story not about fantasies, but about real holes in the system that someone took advantage of. But this is how the modern world works. The most sophisticated crimes often remain in the shadows. Have you ever wondered how your money is protected when you pay with a card in a cafe or a small store? Have you noticed that the payment terminal looks exactly the same as yesterday?

Are you sure that this is the same terminal? In our digital world, we trust our financial data to dozens of systems and devices every day. But what if someone learned to masterfully replace them? What if your card is read twice - once for a real payment and once - for an invisible thief? Today I present to you the confession of a man known in certain circles under the pseudonym Quickshift.

A former IT specialist, who in a few years went from a talented self-taught person to the creator of one of the most sophisticated fraud schemes with payment terminals. This story does not justify the criminals. It doesn’t make them heroes. But it does help to understand how the system works, which allows stealing millions of dollars from unsuspecting people. To understand in order to protect yourself. I came across this story on one of the closed forums on the darknet, where criminals write their confessions.

It took me a long time to check the facts. Many details were confirmed, some were not. But the overall picture, unfortunately, is all too plausible. Sit back, make sure your own bank cards are safe. And get ready to dive into the world of a man who found a way to hack a system that was considered invulnerable.

Hi, my name is Quickshift, and I would like to tell you my story. The story of how I stole millions of dollars through counterfeit payment terminals. And how this game almost cost me everything. I’m always amazed at how easily people trust their money. A plastic card, a couple of seconds at the terminal, and your funds are already in the system. You don’t even think about where they go. And why. The system works, the money is written off, the goods are in your hands.

My acquaintance with this system began in 2013. I was 26, and I worked as an ordinary system administrator in the IT department of a grocery store chain in Miami. Nothing special. Backups, rebooting servers, periodic trips to stores to solve typical problems. Payment terminals often turned out to be among these problems. I was not an exceptional specialist. An ordinary guy from the middle class, who grew up in the suburbs of Miami.

My father worked as a manager in a construction company, my mother was a school teacher. We never had our own house, only rented apartments. I finished college on loans, which I paid off for many years. Since childhood, I had a talent for understanding technology. At 12, I built my first computer from old parts. At 16, I wrote a primitive virus that disabled the school network for 3 days.

Of course, I was caught, back then I did not know how to cover my tracks. Since then, I decided to be on the side of the good guys. At least, that's what I thought. I came to IT self-taught. No special education, only certificates and endless hours of books and video tutorials. The education system has never kept up with technology, so practical experience has always been valued more than a diploma. On March 15, 2013, I received a call from a store on Brickell Avenue.

A problem with the POS terminal, customers are unhappy, the lines are growing. Standard situation, I arrived half an hour later, ready to do the usual procedure - reboot the system and leave. But that day, everything went differently. Instead of the usual software failure, I found a physical malfunction. I had to disassemble the terminal completely, and what I saw inside changed my life. On the motherboard of the device was a small chip, a thin board about the size of a fingernail. I immediately realized that this was not part of the original design.

It was a skimmer. A device for reading bank card data. I had to report it. I had to hand it over to security, call the police. This would have been the correct legal reaction. Instead, I carefully removed the skimmer, wrapped it in an anti-static bag and put it in my pocket. I fixed the terminal; eliminating a software failure was the official version for the report. Why did I do this?

I can’t say that it was a well-thought-out plan. More like an instinct of an explorer. I was interested in how this thing is arranged, how it works. And perhaps, deep down, I already understood the possibilities this opened up. At home, I studied the find; the skimmer was primitive. A simple data recorder that copied information from the card’s magnetic stripe when a transaction was made. But for me, it was a revelation. I spent the next week on the Internet, studying everything about payment systems.

Forums, articles, technical documentation. Many sources were on shadow resources where I had never looked before. There, for the first time, I saw how deep this rabbit hole was. By the end of the month, I knew more about terminal software than any ordinary technician. I understood their architecture, vulnerabilities, data transfer protocols. And, more importantly, I understood how to fool them. In early May 2013, I created my first skimmer.

A simple device that could read card data. I had no plans to use it; it was just an experiment, I told myself, a proof of concept. But it worked, and that was exciting. A month later, I got a letter from the bank. A reminder about a late payment on my student loans. Then a notice about a rent increase. And then a bill for my mother’s treatment, for a pre-cancerous condition.

The financial crisis hit me like a tsunami. My salary as a sysadmin at a grocery chain didn’t cover half of my expenses. I started picking up extra shifts, freelancing at night. But it wasn’t enough. And then I remembered the skimmer in my desk drawer. It’s just an experiment, I told myself, as I installed the device into the terminal of a small newsstand on the outskirts of town on July 17, 2013. A temporary solution, I told myself, as I used the stolen data for the first time, to make small online purchases through anonymous proxies.

I was careful, choosing small transactions that victims might not notice, using complex money laundering schemes that I read about on forums. And most importantly, I never took too much from one person. That’s how my double life began. During the day, an ordinary system administrator, solving technical problems. At night, a carder, perfecting his methods of data theft.

And with each passing month, the line between these worlds became more and more blurred. By the end of 2013, I had paid off my college loan, paid for my mother’s medical treatment, and moved to a better apartment. Friends and colleagues thought that I was just lucky with my part-time jobs. If only they knew… On January 10, 2014, I met a man who would take my activities to a whole new level. His nickname was Solaris, and he changed my approach to payment system fraud as dramatically as the skimmer once changed my life.

I met Solaris on a closed darknet forum. Unlike most, he didn’t brag about his achievements or sell cheap scripts to newbies. He wrote rarely, but to the point. Technical details, vulnerability analysis, forecasts for the development of security systems. After several weeks of careful communication, we met on January 10 at the Diner – a place crowded enough to remain anonymous.

But noisy enough to avoid wiretapping. Solaris was not what I had imagined from his online communication. He spoke sparingly about himself, but it was obvious: before me was a man with a deep understanding of POS systems. From some of his comments, I realized that he was directly involved in the development of security protocols for payment terminals. What he knew was impossible to find in the public domain. “Your skimmers are children's toys,” he said.

“You skim the cream but lose the milk. The real money isn’t in copying magnetic stripes, it’s in intercepting and substituting transactions.” He described his idea for building fully-fledged counterfeit terminals that would be indistinguishable from the real thing. Devices that would work as normal but send a copy of every transaction to our servers. “It takes a team,” he explained. “One person can’t do it.”

Two weeks later, Solaris introduced me to Mac, a former bank-installation technician who had lost his job after a falling out with management over pay cuts. “I know all the logistics of how, where, and when the terminals are installed,” he said. “And more importantly, I know how to do it without asking questions.” The last to join was Ledger, a financial whiz with experience in cryptocurrency startups. He had developed a scheme to launder money through a chain of cryptocurrency transactions that made their origins untraceable.

By March 2014, our team was formed. We rented a small warehouse in an industrial area of Miami, turning it into a lab. Solaris was in charge of the technical part, I was in charge of the software, Mac was responsible for the installation, Ledger was in charge of the finances. We created the first model of the counterfeit terminal by May. Externally, it was an exact copy of the Verifone VX520, one of the most common models for small businesses.

Inside, it was a completely different system. In sum, our terminal worked like a regular one, contacted the bank, conducted the transaction, issued a check, but simultaneously sent a copy of all the data to our server in Eastern Europe. Special software, written by me, analyzed this data and determined which cards could be safely stolen from. We used complex algorithms. We did not touch accounts with a balance below a certain amount, did not withdraw more than 15% of available funds, avoided corporate cards with their enhanced monitoring.

Instead of one-off large crashes, we made a series of small transactions in different places. On June 12, 2014, we installed the first terminal in a souvenir shop on Ocean Drive. The owner didn’t even understand what had happened. Mac introduced himself as a bank technician, said that the terminal needed an update, and simply replaced the device.

The first few days we were on edge, constantly monitoring traffic, ready to instantly turn off the system. But everything worked perfectly. In the first week, this single terminal processed $40,000 worth of transactions. Our algorithm selected cards that could safely withdraw about $3,000. By August, we already had 5 terminals in different areas of Miami. Small cafes, souvenir shops, 24-hour stores, places with high traffic of tourists who rarely check their accounts during their vacation.

We upgraded the system. Now the terminals not only copied card information, but also intercepted PIN codes for debit cards, which made it possible to withdraw cash from ATMs, including foreign ones. By the end of 2014, each of us was earning more than $30,000 a month. I moved to a penthouse with an ocean view, bought an Audi R8, and started collecting watches.

I told my parents that I had founded a successful startup with a fade in the field of cybersecurity. They were proud of me, if only they knew. In January 2015, we faced our first serious problem. One of our terminals in a cafe attracted attention. A regular customer, an employee of the bank's IT department, noticed strange things in the device and reported it to the security service.

Mac managed to pick up the terminal an hour before the specialists from the bank arrived. It was an alarming call. We realized that we needed to be even more careful, even more inventive. And then Solaris proposed an idea that took us to a whole new level. “What if instead of replacing existing terminals, we started making our own?” he said, “fully functional devices, certified and connected to real payment systems, but with our modifications inside.”

Solaris’s idea was so audacious that at first it seemed crazy. Creating a company that officially supplies POS terminals, getting all the necessary certificates, building a network of clients – this is no longer a small-time scam, but a business. Criminal, but a business. “I have the certification documentation,” Solaris explained. “I know the procedures from the inside.

We will be able to create devices that will pass all the checks. Security officials are looking for hacked terminals, but no one suspects the company that produces them itself.” We spent March 2015 preparing. Ledger registered the company Secure Pay Solutions through front men in Delaware. We rented a small office in a Miami business center and hired two unsuspecting employees to work with clients.

We followed all the rules, filled out dozens of forms, passed checks, connected to payment systems. Our terminals successfully passed all security tests, because officially they were absolutely clean. Backdoors were activated only after the final certification, through updates that we carried out remotely. By June 2015, Secure Pay Solutions received all the necessary permits and began working.

We offered terminals at prices below market prices, provided free installation and maintenance. Dozens of small businesses, restaurants, stores, beauty salons became our clients. “A smart strategy is not to take everything at once,” Ledger repeated at our weekly meetings. “We select only 5% of the total flow. Banks are set to identify anomalies, and 5% is not an anomaly, it is an error.”

By the end of 2015, our network included more than 70 terminals in Miami and the suburbs. Monthly income exceeded $800,000 for four people. The money was laundered through a complex cryptocurrency transaction scheme and reinvested in legitimate businesses. I bought a penthouse and a vintage car collection. To everyone, I was a successful IT entrepreneur, the founder of a fintech startup. I even spoke at local business forums, talking about the future of secure payments.

The irony of this situation did not escape me. In early 2016, we began expanding to other cities in Florida. We opened representative offices in Orlando and Tampa. We hired regional managers who had no idea about the true nature of the business. To them, Secure Pay Solutions was a promising fintech company competing with industry giants due to innovative technologies and flexible pricing policies.

Our scheme worked flawlessly. We strictly followed the security rules - no face-to-face meetings with the whole team, no recordings, no traces. All communication through encrypted channels, all transactions through mixers, fake documents, shell companies, anonymous servers in countries that do not cooperate with the American intelligence services. By the fall of 2016, our empire covered most of Florida. More than two hundred terminals processing millions of dollars in transactions daily.

We became a victim of our own success. Secure Pay Solutions became noticeable in the market, and we were written about in local business publications, we were invited to industry conferences. But in November 2016, everything changed. Mac was the first to notice an anomaly. Several of our terminals in Orlando began transmitting strange data. Someone was intercepting our traffic. Not banks or law enforcement agencies, there would have been other traces.

Someone was acting according to our own scheme. “We have competitors,” Solaris concluded after analyzing the logs. “And they are not just copying ours. They are intercepting data that we have already intercepted.” This was a serious threat. First, unknown hackers could accidentally or intentionally uncover our scheme. Second, they were reducing our income by taking part of the catch. Third, their methods were crude and could attract the attention of security.

We conducted our own investigation. One of the technical specialists we hired to work on the terminal firmware sold the information on the market. Now our technology has become available to other groups. They did not bother with fine-tuning and took much more than 5% of transactions. They did not build a long-term strategy; they wanted quick money. “They are like elephants in a china shop,” Ledger said at an emergency meeting in December.

“If this continues, in a month or two the banks will notice a surge in fraud and begin a global audit of all terminals. And then we will be under attack too.” We had three options - to shut down the operation, change the technology or neutralize the competitors. We were not ready to abandon the business that was bringing in millions. Completely changing the scheme would take too long and be too expensive.

There was a third way. “We need to find them and come to an agreement,” I suggested, “or seize the initiative.” A real cyber war began. We introduced a special trap into our terminals - a code that tracked any unauthorized connections. This allowed us to establish the IP addresses and approximate location of competitors. By January 2017, we had enough information.

These guys were based in Tampa and consisted of three people - a former bank programmer and two freelance hackers. They worked from a rented apartment in the suburbs and used a modified version of our technology. Now we had to decide how to proceed. And this decision was supposed to change our entire operation. February 2017 began with a series of emergency meetings. Competitors were becoming more and more brazen.

Their algorithms were taking not 5% like ours, but a full 20-30% from suitable cards. This was not just stealing our technology, this was a direct path to the collapse of the entire scheme. “They would achieve a situation where banks would unite for a large-scale investigation,” Ledger warned. “Our security is based only on statistical invisibility.” After much debate, we chose a strategy - not to eliminate competitors, but to redirect attention to them. It was risky, but we saw no other way out.

We created an anonymous communication channel with the security department of the largest bank in Florida. Through a series of accidental leaks, we provided information about suspicious terminals in Tampa. Of course, we did not mention our own involvement, introducing ourselves as concerned IT security specialists. The plan worked even better than we expected. In March 2017, Tampa police conducted an operation to detain a group of fraudsters who modified payment terminals.

The news about this flew through all the local media. However, we were in for an unpleasant surprise. That evening, Mac received an encrypted message. “We know who you are. We know how you work, we have proof. Meeting, tomorrow, 3 p.m., Bayside Pier.” One of the detainees decided to bargain with the police, handing over a bigger fish - us. We found ourselves at a crossroads - to run, lie low, or meet halfway.

After a sleepless night, we decided that Solaris and Mac would conduct reconnaissance while remaining at a safe distance from the meeting place. What they saw shocked us all. There were no police on the pier. Instead, there were two men in expensive suits with bodyguards. They were clearly not representatives of the law. “These are people from a Russian group,” Mac said when he returned. “I’ve seen them before. They control cashing in three states.”

The situation took an unexpected turn. The Russians apparently learned about our scheme from the detained hackers and now wanted either their cut or to take over the business entirely. We decided not to make contact. Instead, we activated the emergency shutdown protocol. Within 48 hours, we eliminated all direct evidence, transferred assets to anonymous crypto wallets, and destroyed the servers. Officially, Secure Pay Solutions remained operational, but all special functions of the terminals were disabled via a remote update.

To the outside world, the company simply became an ordinary supplier of POS systems. We kept a low profile. We changed our residences, minimized contacts. I moved to a small town in Georgia, where I rented a house under an assumed name. April and May passed in tense anticipation. It seemed that we had successfully covered our tracks. But on June 7, 2018, the world turned upside down completely. Our contacts in the security services of large banking networks reported a series of quiet arrests in Tampa and Miami.

Several technicians and programmers from a competing group were detained, but the case was deliberately kept under wraps in the press so as not to scare off the rest of the participants in the scheme. “They were Russians,” Ledger confirmed after checking the information through his sources. “They launched their own version of our scheme, but they acted too aggressively and attracted the attention of the banks’ internal security.”

We waited another three months. There was no sign that the investigation had found us. But there was no way to go back to the old scheme. The payment system industry was now under a microscope. In October 2017, we met for the last time, at a private villa in Mexico.

The decision was unanimous – to officially disband the group and divide the remaining assets. “It was fun, guys,” Solaris said, raising a glass of tequila.

“We did the impossible, and, more importantly, we left on time.” At that point, our fortune was estimated at about $36 million, $12 million each. The money was safely hidden in cryptocurrencies and offshore accounts. I returned to the US a month later. Settled in Seattle, as far away from Florida as possible. Bought a small IT company that was engaged in the legal development of security systems for small businesses. Ironically, now I was protecting people from people like me.

Solaris, as far as I know, went to Europe. Mac bought a ranch in Texas. Ledger, always the most cautious of us, simply disappeared. Even we don’t know where he is now. Almost eight years have passed. My company is thriving, I have a respected position in society. No one knows about my past. But every time I pay with a card in a store, I involuntarily examine the terminal, a habit that is impossible to get rid of.

Sometimes I think: how many more groups like ours are operating now? How many people become victims of fraud every day that they cannot even notice? Technology develops, but the principle remains the same. Where there is a system, there will always be someone who will try to deceive it. And often these people are not some mythical hackers from the movies, but ordinary IT specialists who one day decided to cross the line.

I am not proud of what I did. I am not looking for excuses. I am just telling how it was. Maybe my experience will help someone make the right choice. Or at least double check the terminal before inserting the card. They say the perfect crime is one that no one will ever find out about. We may have been close. But the price of such “success” is the constant fear of being found out and the need to always look over your shoulder.

It’s not a life I would wish on anyone. My name is Quickshift, and this was my story.