Since the beginning of the year, the Russian police have already conducted several successful operations against carders. The day before, the police stopped the work of three of the largest fraudulent sites selling stolen bank card data. Since February 8, when accessing resources, a banner appears about blocking the page by law enforcement agencies.
We are talking about Ferum and Trump-Dumps cardshops (portals where you can purchase bank card data), a forum with ads from similar Sky-Fraud stores, as well as a Uas-Service resource (it sold compromised data of a different type).
Over the entire period of operation, these cardshops sold information about almost 115 million bank cards, the total value of which on the black market exceeded $ 650 million. Although all the blocked sites are Russian-speaking, the share of data from Russian bank cards on them was insignificant.
Cardshops offer to buy text data of bank cards (number, expiration date, holder's name, address, CVV) and dumps (magnetic stripe content). Having taken possession of this data, fraudsters steal money from the victims ' cards. Text data is available to attackers either after the victim's computer is infected with a virus, or through phishing. And dumps are stolen using special skimmer devices that are installed in ATMs or infected POS terminals to pay for goods or services. Card shops offer bank card data from most countries of the world for sale, but most of it is from the United States. Data from Russian maps is also available, but their share is not large and has been steadily declining in recent years.
On the Sky-Fraud forum (it existed since 2011, published text data), the cybersecurity crime investigation company Group-IB found information about more than 20 thousand bank cards. Through Ferum, which has been known since 2011, the data of 65 million cards, whose total value is almost $300 million, has passed for all time. Only for 2020-2021, Group-IB recorded information about 15 million cards on sale on it, more than on any other similar resource.
Up to 50 million dumps worth almost $380 million were traded on Trump-Dumps (active since 2017). Uas-Service is not directly related to carding, it was engaged in selling data for RDP access (remote computer management) and social security numbers, but it was found to have a common server with Ferum and Trump-Dumps. It is likely that all three portals were managed by the same hacker organization.
The practice of police deface involves placing banners of the Ministry of Internal Affairs on hacker resources. This means that law enforcement agencies gained access to the infrastructure of intruders, which could only happen if those involved in managing the forum and cardshops were detained.
For example, the Trump-Dumps portal displays the logo of the "K" department of the Ministry of Internal Affairs and the text: "The TRUMP-DUMPS service is permanently closed during a special operation of law enforcement agencies. Department "K" of the BSTM (Bureau of Special Technical Measures – ed.) of the Ministry of Internal Affairs of Russia warns: "embezzlement of funds from bank cards is illegal! 187 of the Criminal Code of the Russian Federation: Production, acquisition, storage, transportation for use or sale, as well as sale of counterfeit payment cards, money transfer orders, documents or means of payment, as well as electronic means, electronic information carriers, technical devices, computer programs intended for illegal reception, issuance, transfer cash flows. Is punishable by up to seven years ' imprisonment."
Recall that in early 2022, the police have already closed two other cardshops-Joker's Stash and Unicc. According to experts, the carding market is losing its attractiveness for cybercriminals, and the turnover of these cards on the black market has been decreasing since last year. "The closure of the largest illegal darknet resources will have international significance, "Dmitry Volkov, CEO of Group-IB, said in an interview with RBC."It is already clear that carding is gradually moving towards its decline."
Group-IB reports that in the second half of 2020 and the first half of 2021, the volume of the global carding market decreased by more than a quarter — from $2 billion. up to about $1.5 billion. In Russia and the CIS countries, this market declined by almost 80% ($270 thousand against $1.2 million in the previous similar period). The number of these cards sold by banks in Russia and the CIS during this period decreased by 60% — 34 thousand units against 13 thousand. On average, the price for text data in cardshops is about $15 per card, and for one dump just over $30.
Since the beginning of the year, the police have already conducted several successful operations against hackers. At the very beginning of February, six members of a hacker group were detained in different regions of Russia as part of a criminal case on illegal circulation of payment funds. Among the detainees are Denis Pachevsky, General Director of Saratovfilm Film Company LLC, Alexander Kovalev, an individual entrepreneur, Artem Bystroykh, an employee of Transtechcom LLC, Artem Zaitsev, an employee of Get-net LLC, and two unemployed people - Vladislav Gilev and Yaroslav Solovyov.
Earlier, in the case of cyber fraud, the Moscow police defeated the hacker groups REvil and The Fraud Organization. Some of their participants were arrested, and some were sent under house arrest as part of a pre-trial cooperation agreement.
It is known that US intelligence agencies have repeatedly stated that hacker attacks on industrial and commercial facilities in the United States originate from the territory of Russia. President Joe Biden demanded that Vladimir Putin arrest the reEvil members at the talks. "I made it very clear to him: the attack is coming from his territory, even if it is not organized by the authorities, we expect them to act if we provide them with enough information," the American president said, answering questions from journalists.
(c) Igor Prusakov
We are talking about Ferum and Trump-Dumps cardshops (portals where you can purchase bank card data), a forum with ads from similar Sky-Fraud stores, as well as a Uas-Service resource (it sold compromised data of a different type).
Over the entire period of operation, these cardshops sold information about almost 115 million bank cards, the total value of which on the black market exceeded $ 650 million. Although all the blocked sites are Russian-speaking, the share of data from Russian bank cards on them was insignificant.
Cardshops offer to buy text data of bank cards (number, expiration date, holder's name, address, CVV) and dumps (magnetic stripe content). Having taken possession of this data, fraudsters steal money from the victims ' cards. Text data is available to attackers either after the victim's computer is infected with a virus, or through phishing. And dumps are stolen using special skimmer devices that are installed in ATMs or infected POS terminals to pay for goods or services. Card shops offer bank card data from most countries of the world for sale, but most of it is from the United States. Data from Russian maps is also available, but their share is not large and has been steadily declining in recent years.
On the Sky-Fraud forum (it existed since 2011, published text data), the cybersecurity crime investigation company Group-IB found information about more than 20 thousand bank cards. Through Ferum, which has been known since 2011, the data of 65 million cards, whose total value is almost $300 million, has passed for all time. Only for 2020-2021, Group-IB recorded information about 15 million cards on sale on it, more than on any other similar resource.
Up to 50 million dumps worth almost $380 million were traded on Trump-Dumps (active since 2017). Uas-Service is not directly related to carding, it was engaged in selling data for RDP access (remote computer management) and social security numbers, but it was found to have a common server with Ferum and Trump-Dumps. It is likely that all three portals were managed by the same hacker organization.
The practice of police deface involves placing banners of the Ministry of Internal Affairs on hacker resources. This means that law enforcement agencies gained access to the infrastructure of intruders, which could only happen if those involved in managing the forum and cardshops were detained.
For example, the Trump-Dumps portal displays the logo of the "K" department of the Ministry of Internal Affairs and the text: "The TRUMP-DUMPS service is permanently closed during a special operation of law enforcement agencies. Department "K" of the BSTM (Bureau of Special Technical Measures – ed.) of the Ministry of Internal Affairs of Russia warns: "embezzlement of funds from bank cards is illegal! 187 of the Criminal Code of the Russian Federation: Production, acquisition, storage, transportation for use or sale, as well as sale of counterfeit payment cards, money transfer orders, documents or means of payment, as well as electronic means, electronic information carriers, technical devices, computer programs intended for illegal reception, issuance, transfer cash flows. Is punishable by up to seven years ' imprisonment."
Recall that in early 2022, the police have already closed two other cardshops-Joker's Stash and Unicc. According to experts, the carding market is losing its attractiveness for cybercriminals, and the turnover of these cards on the black market has been decreasing since last year. "The closure of the largest illegal darknet resources will have international significance, "Dmitry Volkov, CEO of Group-IB, said in an interview with RBC."It is already clear that carding is gradually moving towards its decline."
Group-IB reports that in the second half of 2020 and the first half of 2021, the volume of the global carding market decreased by more than a quarter — from $2 billion. up to about $1.5 billion. In Russia and the CIS countries, this market declined by almost 80% ($270 thousand against $1.2 million in the previous similar period). The number of these cards sold by banks in Russia and the CIS during this period decreased by 60% — 34 thousand units against 13 thousand. On average, the price for text data in cardshops is about $15 per card, and for one dump just over $30.
Since the beginning of the year, the police have already conducted several successful operations against hackers. At the very beginning of February, six members of a hacker group were detained in different regions of Russia as part of a criminal case on illegal circulation of payment funds. Among the detainees are Denis Pachevsky, General Director of Saratovfilm Film Company LLC, Alexander Kovalev, an individual entrepreneur, Artem Bystroykh, an employee of Transtechcom LLC, Artem Zaitsev, an employee of Get-net LLC, and two unemployed people - Vladislav Gilev and Yaroslav Solovyov.
Earlier, in the case of cyber fraud, the Moscow police defeated the hacker groups REvil and The Fraud Organization. Some of their participants were arrested, and some were sent under house arrest as part of a pre-trial cooperation agreement.
It is known that US intelligence agencies have repeatedly stated that hacker attacks on industrial and commercial facilities in the United States originate from the territory of Russia. President Joe Biden demanded that Vladimir Putin arrest the reEvil members at the talks. "I made it very clear to him: the attack is coming from his territory, even if it is not organized by the authorities, we expect them to act if we provide them with enough information," the American president said, answering questions from journalists.
(c) Igor Prusakov
