Jollier
Professional
- Messages
- 1,422
- Reaction score
- 1,454
- Points
- 113
In this thread, a professional carder, known in narrow circles as Sergey PP, revealed his secrets. We talk about carding in the past (I tell more, taking into account more than 20 years of experience), about clothing carding (clothing carding) and other areas of cybercrime today, about carding training, carding, how safe all this is and whether it is punishable in Russia and other CIS countries at all, about arrests of carders, about PayPal theft methods (PayPal or PayPal carding), about "logs", bank accounts (BA), carding in 2025, carding equipment, carding interviews, famous carders and hackers, carding in Russia, carding in Ukraine, carding in the USA, carding in Kazakhstan, Aliexpress carding, Carder Planet forum, dumps with pin codes, drops and other methods of cashing out, my book "How I Stole a Million" and much more.
Contents:
Carder:
I take it upon myself to answer any questions you may have.
Pavlovich:
Is carding alive?
Carder:
Yes, it is. And hundreds of thousands of people are doing it. They just probably don’t know about me yet.
Pavlovich:
If you told this in an American court, they would just laugh so hard, shaking with handcuffs like that.
Carder:
Two years ago, I was still working at a normal job.
Pavlovich:
It’s better to learn English in advance, you know, it will come in handy for us.
Carder:
Well, a classic.
Is carding alive?
Pavlovich:
Friends, hello. Today is a new episode. You often asked me in the comments if carding is alive.
So I want to say that it is alive, and today we will have as our guest an active carder - a person who trains carders there, and in general we will talk about carding and cybercrime from my point of view, as it was before, because I have not been doing this for more than 10 years, and also how things are with carding now. So, in my studio, meet the guest, performing on the Internet under the pseudonym Sergey PP.
Now every week I will have one episode, and two. The first with an invited guest, like today. And in the second episode, I will be alone and I will talk about carding, cybercrime, hacking. We will go through the fans of the USSR, of course. There will be an episode with it, here it is on the right in the screenshot, so as not to miss new episodes.
Well, we begin. So, Sergey PP, tell me, firstly, is carding alive? This is the most common question, our subscribers often ask. And secondly, what exactly do you do in carding? Why are you wearing a mask? And anyway, why did you come here today?
Carder:
Yes, it is alive. And hundreds of thousands of people are doing it all over the world. And they are doing absolutely different directions, just like 10 years ago, just like 5. Every day there are more and more of them. I even contribute to this to some extent.
Which directions of carding are “alive” today?
Pavlovich:
Look, I don't do carding. Carding, I'll explain, if anyone doesn't know, is fraud with credit cards. That is, in the world of cybercrime, there is a clear division. There are hackers who hack banks, get, steal bank accounts, accounts from your Facebook, steal credit cards, numbers, dumps and so on. There are carders, that is, these are more scammers from the English word card, that is, a credit bank.
Carders are those who steal money directly from your bank accounts, from your credit cards received from hackers. And in my time, the main directions of carding were carding of goods, when you take the number of someone else's credit card, there are expiration dates, cvv code and order something in a Western online store. Then there was real plastic, when dumps were used, that is, pictures from the magnetic strip of your card.
A duplicate card was made, that is, a clone, yes, and it was carried around in stores, various goods were bought. That is, drops, specially trained people with documents in the same name, to which the cards were sent, were bought up in stores. Well, and also, of course, there were dumps with pin codes, well, there is generally no need for great intelligence, you go to any ATM and withdraw. Now, by the way, the Internet is full of ads for selling dumps with pin codes, but don't get fooled, as Boa, one of the leading carders, once said.
Now, by the way, he's finishing off the twenty in the US, he'll be free soon. The twenty. He said that a dump with a pin is like cash in your pocket, but no one has ever sold $100 for $20, unless, of course, they were made in Grozny or Tibiran. And there was another direction, back then it was just starting, well, spam, of course, has always existed, and stealing money from bank accounts, other people's, yes.
These are the main directions of carding that I witnessed and that were relevant 10 years ago.
What directions of carding are "alive" today?
Pavlovich:
Which of these are thriving now and some new directions, tell us, in which you work, which you are studying, perhaps, and which you just know about?
Carder:
But half of it is still alive, that is, naturally, the stuff, it hasn’t gone anywhere. And people also order stuff from other people’s cards on their drops and so on. Plus, working with bank accounts, that’s my main line of work. US bank accounts are merged, they are very easy, either to other accounts that you register yourself, or through some services, shells.
How do they get other people’s bank accounts?
Pavlovich:
Let’s start from the very beginning, where then, where do hackers and carders get other people’s bank accounts from?
Carder:
They get them the same way as 10 years ago, either by brute-forcing a password, or they use such a human weakness as setting the same passwords in different services. One of the services is merged with its database of logins and passwords, and this login and password will work for your bank account, and that’s it, the person has access to it.
Pavlovich:
Well, you mean, for example, hackers hack some forum where Facebook is registered, as always this Facebook leaks into the network, and it turns out that my login and password for Facebook will work for my bank account, right?
Carder:
For example, yes.
Pavlovich:
But you don’t know what my login and password are, you don’t know what bank I have an account in, you just pick and try to enter this login and password in all the banks of the world or what?
Carder:
No. This database of logins and passwords is run through software, some program for a specific bank. Software is written for each bank, and this database can be run under Chase Bank, Bank of America and some other bank. And in one of these banks, perhaps, your login and password will work.
Pavlovich:
And what is the percentage of success in this case? Not really. Well, one, I think, does not exceed 1-0.5 percent.
Carder:
Something like that.
How do they steal money from bank accounts?
Pavlovich:
Okay, you got access to someone else’s bank account, my login and password, let’s say, worked for the bank, what next? What steps do you take next?
Carder:
This login and password can be used to link to some application, some payment system, be it PayPal, Venom or some other US payment system, let's say, if you live in the US. And there are thousands of such services, applications, their number is growing every day.
Pavlovich:
That is, you can top up, you mean link my account to something, to AliExpress, to a mobile phone and top up from someone else's account, it turns out my balance, and then take it somewhere, right?
Carder:
Exactly, that's exactly what we do.
Pavlovich:
And how much per day, you say we, that is, you have an organized group or what?
Carder:
No, me and my colleagues, that is, I have a group of my former students, now colleagues, well, everyone works in their own direction, but we, naturally, intersect, there are not so many of them that we wander off too much.
Pavlovich:
So you steal money from unsuspecting Americans' bank accounts every day, right? Okay, and how much money are we talking about?
Carder:
Tens, maybe even hundreds of thousands of dollars a day.
Pavlovich:
Well, how much have you ever seen on one account at most?
Carder:
$20 million.
Pavlovich:
And how much have you managed to steal from that account?
Carder:
Only $4,000.
Pavlovich:
Okay, and the most you've ever personally stolen from someone else's bank account?
Carder: $
6.
Pavlovich:
$6,000?
Carder:
$6,000 at a time.
Pavlovich:
Why can't you steal everything, for example?
Carder:
Bank protection will not provide much, well, protection levels and so on. That is, the bank itself will not allow a large sum to be written off, it can call the owner and he will change the password, or the bank owner will receive a notification, for example, an SMS, or a notification by mail, he will change the login and password and that's it. It will recall the transaction. Or the service where we put this money in order to withdraw it later, it may not like such a large sum and it can request some verification, etc., which you will not be able to pass. That is, it will be some kind of call with secret questions.
Pavlovich:
And can I ask for my mother's maiden name?
Carder:
Classic.
Pavlovich:
And what other problems do you encounter with this? Well, the call is okay, but what about drawing up some documents?
Carder:
It's not a problem, I don't know how it was for renderers 10 years ago, but now it's so common that they can render any document for you in half an hour, be it a bank statement or a selfie with a driver's license.
Pavlovich:
And how much does it turn out, for example, can you personally process, steal, rob an American in a day?
Carder:
It's quite possible to process 10-20 bank accounts in a day. Each one can contain from several thousand dollars to hundreds of thousands of dollars.
How do carders work with PayPal?
Pavlovich:
Okay, this is one of the areas of your activity, but why? Why do you have a nickname on the Internet "Sergey PP" then? "PP" has always been a designation for PayPal.
Carder:
I started with this payment system when I first came to carding. I started working with this payment system, and it just so happened that I gave myself this nickname. Although I don't work with it as closely as before, I got attached, this nickname remained.
Pavlovich:
Tell me, I just from all the carder topics, this PayPal is probably the only topic that has passed me by. Tell me what they did with it and what they do with someone else's PayPal now.
Carder:
This is probably the most popular direction in general. This is the direction that the masses operate, which, say, 50% of the total mass of carders work in. Everyone loves this direction because it is simple. That is, for so many years they have not been able to, as it were, maintain such good protection, yes, it exists, but there is no such good protection to completely cut off fraudulent transactions.
And the first thing is that if a PayPal account falls into someone's hands, naturally the first thing they do is process it, then the banks and so on. What they do, the same thing. More than 18 million stores on the planet accept PayPal as a payment method.
Pavlovich:
Ebay, for example.
Carder:
The same Ebay, or some other services where you have a balance and can top it up, gift cards and so on. Lots and lots of simple things, you can even buy bitcoins with PayPal, the main thing is to find where.
Pavlovich:
They don't call? So it's easier to buy with PayPal, for example, than with someone else's credit card?
Carder:
Yes.
Pavlovich:
How?
Carder:
In the case of PayPal, there is no such strict verification, i.e. no verification by zip, i.e. by index in our language. The security system is worse than when working with credit cards, because it is a system used by millions of people, 200 million people with change all over the planet, and naturally they are trying to make it as simple as possible for people.
If it is complicated, no one will use it.
What brings in the most money in carding?
Pavlovich:
It is the most crooked payment system I have ever seen. I can't verify my passport there on the tenth try. PayPal, yes, and how much, for example, what brought you the most money, stealing from other people's bank accounts now, or stealing from other people's PayPal before?
Carder:
Of course now, I have much more experience. And with PayPal it was the same stuff. The direction I worked in was that same password selection, roughly speaking, stolen PayPal accounts. They did not give huge sums, these were small purchases in online stores in Germany, mainly England, the USA. Everything was brought here, sold and that was my income.
Pavlovich:
For what percentage of the purchase price did you discount here?
Carder:
I only brought highly liquid goods, i.e. Samsung SSDs, etc. They were sometimes sold at 80-90%, i.e. 500 rubles were knocked off the store price. And people called and asked, bring more.
Pavlovich:
For example, is an SSD a hard drive or what?
Carder:
Yes, yes. These are the things that are never discounted in stores, you can't snatch them up on sale, they are sometimes even hard to find.
What other carding trends are relevant now, what are "logs"?
Pavlovich:
And what other carding trends are relevant today?
Carder:
Of those that are in the masses, like PayPal, which any schoolchild can steal, roughly speaking, these are logs.
Pavlovich:
What are logs?
Carder:
This is all the data from your computer, you download, for example, a program to make your RAM work faster, it has a virus embedded in it that sends all the data from your computer to the person, the owner of this virus.
Pavlovich:
What do you mean by keyloggers?
Carder:
Cookies, passwords, desktop data, and so on.
Pavlovich:
But for this, the victim computer must first be infected.
Carder:
Well, yes, this is one of the most profitable areas in terms of providing work for carders, this traffic of people who will download your program, this is where a lot of money is made, on traffic.
Pavlovich:
So you mean, first you need to lure a person so that he installs this spyware that will steal all his data?
Carder:
Yes, because if you send this program by mail and no one downloads it.
Pavlovich:
There are dozens, hundreds of ways to lure a user to a site. Personally, for a 10-piece discount, I can come up with the same pop-unders that pop up in windows and so on.
Carder:
Force them to open an executable file? Yes, it's quite difficult. There are, or rather, I don't know, somewhere there are craftsmen who disguise these files as doc files, pdf and so on, but such a service costs several thousand dollars, and I don't know such craftsmen, but I've heard that such people exist.
Pavlovich:
What advice can you give to our law-abiding viewers in this regard?
Carder:
Don't download unverified files from the Internet, probably because of those same logs. Naturally, the logs of residents of the USA and Europe are used most often, but there are plenty of Russian ones there too, there are bad guys who can use data, not banking data, but some files, data stolen from your computer.
Pavlovich:
Where do you get the logs?
Carder:
Either they are sold by those who send out their malicious file. Those who either don't want to, or process the fattest part, and sell the rest. These are either sales, or you install it yourself.
Pavlovich:
You buy a malicious program, infect victims in the USA.
Carder:
But this is a criminal offense in the Russian Federation. This is the only direction among carding, roughly speaking, now, for which you can really go to jail.
Pavlovich:
Distribution of malware.
Carder:
And it doesn't matter what country you work in, the US, Europe, Russia, we'll dismiss it altogether, no one works in Russia, of all my friends, having this program or traces of it on your computer is a term in the Russian Federation. A long one. Maybe a conditional one, well, I think it's about 4 years for sure, I don't remember the article, but this is a term, this is the only area that I really don't recommend doing.
You can steal tens of thousands of dollars from US residents a month, but having this program alone, you can do nothing with it, this is a term in Russia.
Pavlovich:
Well, and here I should add, I just encountered and a lot of my friends encountered that stealing even from Russia from residents of the USA and rich countries of Western Europe then you should be very wary of going abroad at all, because in Russia the FBI agents, the US Secret Service cannot reach us, so look for yourself, read the Internet, all the most high-profile arrests of hackers, Russian spammers and other bad guys, they were on vacation, somewhere in Spain, Thailand, Holland, Turkey, the Maldives. Seleznev was arrested, I worked with him, by the way, he was given a 27-year sentence, a very talented hacker.
How to choose a "log", how much does it cost, what does the price depend on?
Pavlovich:
Where do they come from, where to get logs with all the banking information? Well, there is not only banking information, what else is there?
Carder:
At least anything, Facebook, all the passwords that are on your computer.
Pavlovich:
From mail there are all sorts?
Carder:
Yes, your wallet, bitcoins, blockchain, whatever.
Pavlovich:
But there will be a lot of stuff there, how can I filter it? How can I extract valuable information from the log, as you say?
Carder:
Just search for the links you need in it. You don’t have a million logins and passwords, I’m sure, maybe 100-200. This is the average number for a normal person. 100-200 login passwords. And you, naturally, immediately look for them in the search. It’s all in a text file. Login, password, login, password, and website.
Pavlovich:
Do you look manually or use a software analyzer?
Carder:
Either software or manually. That is, you can contact the seller and ask him for a specific link, that is, you found some payment system that you know how to drain. You can ask him to look in his log database for the link you need, and he will give you logs that contain the login and password for this payment system.
Pavlovich:
Well, and he will sell you all this, right?
Carder:
Well, and, naturally, the most popular is PayPal, and absolutely everyone works with it, it's simple.
Pavlovich:
And how much do these logs cost, yes, and how easy is it to find them?
Carder:
It's very easy to find. There are more than a dozen of these well-known stores. There are more than a dozen of them. They usually cost from 2-5 dollars to 20-30. For one log? Yes.
Pavlovich:
And what does the price depend on?
Carder:
On the availability of the necessary links. That is, let's say, the same log from PayPal will cost around 10 dollars. A log with a blockchain can be sold for 30 dollars, because there is a high probability that there is money on it and it will be very easy to take this money out, this is not usually sold.
Those who drive this traffic and extract logs, they process them themselves, that is, they have some people or some team that keeps the juiciest ones for themselves.
Pavlovich:
And so the simplest log with the American's data costs there? A couple of bucks. A couple of bucks, it turns out that this is complete inter-access to his identity, to all accounts in social networks, maybe to the bank?
Carder:
Yes.
Pavlovich:
And how much do logs with banking information cost, with access to bank accounts? Let's not take PayPal and crypto, for example? Also about 15 bucks.
The main problems of carders
Pavlovich:
The main problems when stealing money from other people's bank accounts and PayPal, for example?
Carder:
Well, naturally, this is two-factor authentication, which is being introduced almost everywhere now. But this is also easy to bypass, there are ways to get around it and so on.
Pavlovich:
Well, you mean when he receives an SMS on his phone, but how to get around it? That is, off the top of my head, one of the ways, I remember, we used it 20 years ago, is when you have access to his bank account, you change the phone to yours.
Carder:
This is one of the options, it's simple, the bank really does it that way. You can still change the number, but it will take some time for the bank to take it normally, leave it for 2-3 days and you can already receive SMS on your number.
Pavlovich:
In 2004, we changed the PIN code for the card like this, when there was a dump, for example. There is a dump, for example, with a last name, accordingly, you choose a dump with a very rare last name, which will be there for the whole of America, there are 1-2 people, you check it in the social security numbers database, you check it, accordingly, the data, because in order to gain access to his bank account, we did not get it from logs, like you do now, but we, it turns out, enroll his card, i.e. we opened access to online banking in his name and got it. That is, his card number is known, his first and last name are known, accordingly, in order to do this, to get access to his bank account, online banking, we needed MMN (Mother's Maiden Name). And when we found all this, accordingly, we got full access to his bank account and even changed the PIN code for the card.
We already have a dump. That is, we changed the PIN code, let it sit, i.e. as you are now letting these accounts sit, and then in 2 weeks we start removing PIN codes. Well, nothing complicated.
What does enrollment look like now?
Carder:
This direction still exists, enroll, it just looks a little different. That is, these are not dumps, but simply the card number, they select bins, which are the first 6 digits of the card, which are rolled, so to speak.
Pavlovich:
Well, that is, cards of certain banks in which you can get online access.
Carder:
Yes. And they also check your background, mother's maiden name, and so on, everything you listed.
And they also get online access at the bank, see your balance, see your account limits, that is, how much money you can withdraw at a time, you can also increase them, you don't even have to call, you can increase one transaction online, for example, so that you have not 2,000 dollars, but 5, and immediately write off 5,000 from this card.
How are things now in "clothing" carding?
Pavlovich:
And tell me then, how are things now in clothing carding, because in my time, 10-20 years ago it was very simple, that is, you have someone else's credit card number, expiration date, CVV code, respectively, name, surname, address, and you get in the store, when you buy any product in the West, as a rule, there were two fields. The first is the billing address, where you enter the information, that is, the address, zip code, index, phone number of the payer, the cardholder.
And the second is the shipping address, this is the delivery address, that is, where you enter your there, or your drop. And all this worked very successfully, and when I was doing this, there was no need to even change the IP address to an American one, they sent very often, that is, billing is not equal to shipping, accordingly, the IP address was yours, and your keyboard was Russian, and everything, and so it came, but now, as far as I know, everything has changed a lot, and this, naturally, will never work.
How are things with clothing carding now?
Carder:
Naturally, there are much fewer stores that send to different billing and shipping addresses, but they still exist, they can be found, but, naturally, you will not be able to do anything from a Russian IP at the moment, because there is a geolocation check and so on. But it's all very easy to change, it will cost you $1 to change your IP to the IP of a US resident, and living on the next street, using a proxy.
They cost $1-2 or more.
Pavlovich:
Do you do or did you do carding of goods?
Carder:
For fun, maybe now. Or if I really need some things, now Now I can buy everything for myself, earning on other topics. Earlier, yes, I started with carding of goods.
How did you get into carding?
Pavlovich:
And how did you get into carding?
Carder:
I got there by accident. I needed to block someone on VKontakte and they gave me a Darknet resource, well, naturally, I had never surfed such a thing, had never heard of it, I found what I was looking for, but such a thread as a carding offer caught my eye, this is one of the large resources in Brunet.
I started reading, studying, it became interesting, at that time I was working as a sales consultant in the clothing department and I saw the same things, but 50% cheaper, naturally it interested me, I started studying everything that was connected with this topic and literally in a couple of weeks I was already making my first entries, I got it very quickly. How many years ago was that? It was only two years ago.
Pavlovich:
So we can say that you have only been in carding for two years?
Carder:
Yes. Two years ago I was still working at a normal job.
Why are you so negligent about your safety?
Pavlovich:
At a legal one. You are wearing such a mask, yes, that in principle your face can be recognized quite easily. Plus Sergey PP is kind of easy to google on the Internet and so on. You even have Instagram, I was there. Why are you so careless about your safety? I just served 10 years in prison for cybercrime in Belarus, and I should have served 16.
Well, I succeeded. Accordingly, why are you so careless about this? What is this? I just can't wrap my head around it.
Carder:
I do not violate the laws of the Russian Federation, the laws of countries where extradition from Russia is possible. These are the CIS countries, the former USSR, and, roughly speaking, some moral qualities do not allow me to work in countries, roughly speaking, Slavic ones, that is, there, I don't know, personally, I morally cannot work in Poland, in any.
Well, in general, I work very little with Europe, mainly only the USA.
Pavlovich:
Well, by the way, this is a big mistake, do you know why? Because all my friends, hackers, they, colleagues. Everyone who is in prison, they are in prison specifically at the request of the USA. That is, Europe basically doesn't care, you stole something from them and that's it. But they do not forgive the USA. That is, when you stole some more or less reasonable amount from the US, half a million dollars or more, you became aware that they would find you, put you in jail, even after 10-20 years, you understand, they do not forgive.
So how do you even travel abroad then?
Carder:
I travel abroad, and to European countries, and there are no problems. They just probably don’t know about me yet. I am too little in this area, let’s say. I was somewhere, naturally, I am sure that I was noticed somewhere, because the money went somewhere and it was investigated, but perhaps somehow it did not reach me, my home addresses and so on, and plus I have to prove that it was me, as a citizen of the Russian Federation, who did this, and not someone there, sitting at my computer, or simply registered in my passport.
It is not difficult to register the Internet in someone else’s Russian passport. And this is one of the means of anonymization, so-called, i.e. do not register the Internet in your name.
How SergeyPP
Pavlovich will be imprisoned:
Well, you know, if you told something like that in an American court, it seems to me that they would just laugh a lot and say, look, and they shook these handcuffs at you. By the way, these handcuffs were given to me from America. I'm sure they would laugh for a long time. They would say, well, yes, yes, yes. What a coincidence that you were noticed, and someone got into your home computer, yes. Well, not you, of course, not you.
That's it. And, well, we all understand, but hold us for 20 years, let's say. Do you understand? Well, that is, it's a big illusion when, when we end up behind bars, for example, it's a big illusion, and you shouldn't joke like that especially in the USA, you shouldn't hope for justice, because there is great lawlessness everywhere, and especially in the USA, and if you stole something in the States, then in any case you will be punished by law or without.
Therefore, such a position that there is no direct evidence against me, and therefore, they will not prove anything, is disastrous. And it leads to very bad consequences, because no court, in any country in the world, will consider only one piece of direct evidence. Well, of course, it is one thing when you are caught red-handed, you have just shot a person in a crowd, 300 witnesses, you have gunpowder and a gun in your hands.
But it is a completely different matter when there is no direct evidence, but the court evaluates a set of small indirect evidence, you know, like a puzzle. That is, yes, there is no direct evidence that you stole, let's say. But there is something that points to you, there is the IP address of your city, which was subsequently found out there, that from your apartment there. Yes, the Internet is not on you, but your IP address. There are some accounts there, where you withdrew money, related to you. There is a photo of you in the clothes that you stole from you on social media. networks, you understand?
And this set of small pieces of evidence fits together like a puzzle and enables a judge, I repeat, in any country in the world to pass a guilty verdict. Therefore, if you are engaged in something criminal, especially against the United States, then you need to think before going to Europe next time and especially to countries that are friends with the United States, like England, Israel, Thailand especially, Spain and Germany, by the way, oddly enough, too.
So you need to be careful. You reassure yourself that I am not breaking Russian laws, but you have already broken 150 American laws. So don’t be surprised, and better yet, learn English in advance, it will come in handy when explaining yourself in court. No, I’m serious, you need to be very careful when traveling, you understand, very careful.
Why don’t any of the carders work in Russia?
Pavlovich:
Does anyone from your group and your colleagues in general work in Russia, that is, do you steal from the Russians?
Carder:
No, we have this, I don’t know, some kind of unspoken rule, none of my friends, well, in general, the guys I know, none of them work in Russia, never steal from their own.
Pavlovich:
We had the same rule, you see, but now we see that lawyer Mironov, he was the hero of one of my episodes, he handled the case of hackers who stole money from Uralsib and Trust banks, specifically in Russia, that is, what is your opinion on this in general?
Carder:
I am against this. There are people who are ready to do this, and they probably understand all the risks of this kind of work, but I couldn’t.
Pavlovich:
But what is more here? Risk, or some kind of moral feeling, reluctance?
Carder:
Risks, probably, all the same. Well, that is, this is practically a direct path to the bottle.
Pavlovich:
To prison.
Carder:
To prison. I don’t know how many videos there are. If you, I don’t know, google carding, and there will be something from the videos about Russia, it will immediately tell how someone deceived someone on Avito. Any video with the work of Department K.
Who are they catching? They catch those who cheat, they scam guys on Avito for prepayment, they scam someone on Vkontakte, they find them very quickly, but they don’t deal with us, because we do not violate Russian laws, and none of us are going to do this.
Pavlovich:
Well, there are no victims in the Russian Federation, no one reports, if I get cheated on Avito, I won’t report, but someone else will. Naturally. Do you meet other carders in real life?
Carder:
Yes, a couple of times. With guys with whom we have been communicating for quite a long time. And such friendly relations, roughly speaking, have developed. Yes, we met a couple of times.
Pavlovich:
In my time, we also met all the time. Somewhere in different countries of the world we went on vacation together, spent holidays. We flew to visit each other all the time. But back then there was no such fear. You know, the authorities there did not know how to work on cybercriminals. But now they have all learned, and ours in principle a little, and Western ones as well. And then somehow the carders stopped meeting.
Why? I asked you if you meet others in real life?
Carder:
Yes, and not just me. Many.
How do carders communicate with each other?
Pavlovich:
And what means of communication do you use with each other then?
Carder:
Mainly Telegram, naturally, the most convenient.
Pavlovich:
Secret chats?
Carder:
No, regular ones. Well, they are simply not needed.
Pavlovich:
And do you believe that Telegram is not tapped, not recorded?
Carder:
And we do not violate the laws of the Russian Federation.
Pavlovich:
But those same Americans, for example, can monitor your chat, let's say, request all the logs from Durov, there, correspondence in your chat, in general, where you hang out with you carders?
Carder:
Yes, it is likely that they can do this, but they probably haven't done it yet.
Pavlovich:
What other means of communication? In my time, it was just ICQ, we also used Jabber.
Carder:
Some people still use Jabber. I mean, when I first started, everyone... Telegram wasn't that... I mean, two years ago, there weren't that many people on Telegram, and everyone had Jabber, naturally. Many sellers of some kind of material there still have links to their Jabber accounts. But mostly it's Telegram, because it's just convenient.
Pavlovich:
And probably safe.
Carder:
Probably safe.
Is it hard to get a credit card now, how much do they cost?
Pavlovich:
Look, is it difficult to get credit cards now, that is, numbers of other people's stolen credit bank cards in general, because 10-15 years ago, when I was doing this, one credit card number was sold wholesale for less than a dollar, that is, it could be 10 cents.
What are the prices now and is it easy to find stolen credit card numbers on the Internet?
Carder:
Of course, it's easy to find, there are also stores that sell retail mainly, and prices are from 5 to 50 dollars, let's say. Europe is more expensive, the USA is cheaper, Asia, something in between, this is inexpensive, up to 10 dollars, 10-15 dollars, this is the average price.
How many carders are there in the CIS countries now?
Pavlovich:
You see, in my time it was 10 cents, but prices have increased. And what can you say about the number of carders in the CIS in general? I'm just asking why, all sorts of Western journalists come to me all the time, they ask this question, and when I was active in cybercrime, we had the largest carding forum, it was 6,000 participants, now I see forums where there are 200 thousand participants, that is, have there become more cyber criminals in the CIS, in your opinion?
Much more, of course, but.
Carder:
Compared to your time, there are tens of thousands, well, hundreds, yes, that is, the largest forum specifically on carding, there are about 100 thousand people there.
Pavlovich:
Do you even sit on carding forums, hacker ones?
Carder:
I started there, but then I moved to Telegram and don't sit there anymore. There is no need for this, you can get anything you want in Telegram, all sellers are in Telegram.
Why do you need your own Telegram channel?
Pavlovich:
When I was studying your profile and composing questions for our conversation today, I saw that you have a channel on Telegram called Medellin, but Medellin is like in Colombia, like the Medellin cartel. But to be honest, I didn’t even have time to look there. What do you need this channel for? I only saw that it has 23 thousand subscribers. What do you post there anyway and what’s the story?
Carder:
The name, by the way, has nothing to do with drugs. I really regretted calling it that later, because many people associate it with drugs. So, if your friend notices that you’re subscribed to the Medellin channel, they’ll think it’s something about drugs. I was simply inspired by a film that I created less than a year ago. I was inspired by a film about Pablo Escobar, just like that. There I talk about what areas are being worked on now.
Will you be jailed for carding or not, I tell you.
Pavlovich:
Whether they’ll jail you for carding, it’s probably better for me to tell you.
Carder:
Well, yes, some current topics that are being worked on now. I leak some interesting methods, I just tell everything for beginners, roughly speaking, what I can share, such non-private, roughly speaking, information, but the one that not everyone knows.
Pavlovich:
Why do you need all this?
Carder:
I like writing articles, but naturally it is monetized, that is, this channel is not just like that.
Pavlovich:
How?
Carder:
Mainly by training in carding.
Do you sell carding training?
Pavlovich:
So you sell carding training?
Carder:
Yes. Well, many need a mentor, many need a team. It is impossible to work alone. I myself realized this when I started, when I started alone and sat there, reading hundreds of thousands of pages of old, maybe even from your time, manuals on working with cards and payment systems. You need friends in this area, and you need a mentor too. It would have been great if I had one at the time.
That's what I became.
Contents:
- Is carding alive?
- What is carding, who are carders?
- What carding trends are still alive today?
- How do they get other people's bank accounts?
- How do they steal money from bank accounts?
- How do carders work with PayPal?
- What brings the most money in carding?
- What other carding trends are relevant now, what are “logs”?
- How to choose a "log", how much does it cost, what does the price depend on?
- The main problems of carders
- What does the enroll look like now?
- How are things going in the "clothing" carding industry now?
- How did you get into carding?
- Why are you so careless about your safety?
- How Sergei PP will be imprisoned
- Why don't any carders work in Russia?
- How do carders communicate with each other?
- Is it difficult to get a credit card now, how much do they cost?
- How many carders are there in the CIS countries now?
- Why do you need your own telegram channel?
- Do you sell carding training?
Carder:
I take it upon myself to answer any questions you may have.
Pavlovich:
Is carding alive?
Carder:
Yes, it is. And hundreds of thousands of people are doing it. They just probably don’t know about me yet.
Pavlovich:
If you told this in an American court, they would just laugh so hard, shaking with handcuffs like that.
Carder:
Two years ago, I was still working at a normal job.
Pavlovich:
It’s better to learn English in advance, you know, it will come in handy for us.
Carder:
Well, a classic.
Is carding alive?
Pavlovich:
Friends, hello. Today is a new episode. You often asked me in the comments if carding is alive.
So I want to say that it is alive, and today we will have as our guest an active carder - a person who trains carders there, and in general we will talk about carding and cybercrime from my point of view, as it was before, because I have not been doing this for more than 10 years, and also how things are with carding now. So, in my studio, meet the guest, performing on the Internet under the pseudonym Sergey PP.
Now every week I will have one episode, and two. The first with an invited guest, like today. And in the second episode, I will be alone and I will talk about carding, cybercrime, hacking. We will go through the fans of the USSR, of course. There will be an episode with it, here it is on the right in the screenshot, so as not to miss new episodes.
Well, we begin. So, Sergey PP, tell me, firstly, is carding alive? This is the most common question, our subscribers often ask. And secondly, what exactly do you do in carding? Why are you wearing a mask? And anyway, why did you come here today?
Carder:
Yes, it is alive. And hundreds of thousands of people are doing it all over the world. And they are doing absolutely different directions, just like 10 years ago, just like 5. Every day there are more and more of them. I even contribute to this to some extent.
Which directions of carding are “alive” today?
Pavlovich:
Look, I don't do carding. Carding, I'll explain, if anyone doesn't know, is fraud with credit cards. That is, in the world of cybercrime, there is a clear division. There are hackers who hack banks, get, steal bank accounts, accounts from your Facebook, steal credit cards, numbers, dumps and so on. There are carders, that is, these are more scammers from the English word card, that is, a credit bank.
Carders are those who steal money directly from your bank accounts, from your credit cards received from hackers. And in my time, the main directions of carding were carding of goods, when you take the number of someone else's credit card, there are expiration dates, cvv code and order something in a Western online store. Then there was real plastic, when dumps were used, that is, pictures from the magnetic strip of your card.
A duplicate card was made, that is, a clone, yes, and it was carried around in stores, various goods were bought. That is, drops, specially trained people with documents in the same name, to which the cards were sent, were bought up in stores. Well, and also, of course, there were dumps with pin codes, well, there is generally no need for great intelligence, you go to any ATM and withdraw. Now, by the way, the Internet is full of ads for selling dumps with pin codes, but don't get fooled, as Boa, one of the leading carders, once said.
Now, by the way, he's finishing off the twenty in the US, he'll be free soon. The twenty. He said that a dump with a pin is like cash in your pocket, but no one has ever sold $100 for $20, unless, of course, they were made in Grozny or Tibiran. And there was another direction, back then it was just starting, well, spam, of course, has always existed, and stealing money from bank accounts, other people's, yes.
These are the main directions of carding that I witnessed and that were relevant 10 years ago.
What directions of carding are "alive" today?
Pavlovich:
Which of these are thriving now and some new directions, tell us, in which you work, which you are studying, perhaps, and which you just know about?
Carder:
But half of it is still alive, that is, naturally, the stuff, it hasn’t gone anywhere. And people also order stuff from other people’s cards on their drops and so on. Plus, working with bank accounts, that’s my main line of work. US bank accounts are merged, they are very easy, either to other accounts that you register yourself, or through some services, shells.
How do they get other people’s bank accounts?
Pavlovich:
Let’s start from the very beginning, where then, where do hackers and carders get other people’s bank accounts from?
Carder:
They get them the same way as 10 years ago, either by brute-forcing a password, or they use such a human weakness as setting the same passwords in different services. One of the services is merged with its database of logins and passwords, and this login and password will work for your bank account, and that’s it, the person has access to it.
Pavlovich:
Well, you mean, for example, hackers hack some forum where Facebook is registered, as always this Facebook leaks into the network, and it turns out that my login and password for Facebook will work for my bank account, right?
Carder:
For example, yes.
Pavlovich:
But you don’t know what my login and password are, you don’t know what bank I have an account in, you just pick and try to enter this login and password in all the banks of the world or what?
Carder:
No. This database of logins and passwords is run through software, some program for a specific bank. Software is written for each bank, and this database can be run under Chase Bank, Bank of America and some other bank. And in one of these banks, perhaps, your login and password will work.
Pavlovich:
And what is the percentage of success in this case? Not really. Well, one, I think, does not exceed 1-0.5 percent.
Carder:
Something like that.
How do they steal money from bank accounts?
Pavlovich:
Okay, you got access to someone else’s bank account, my login and password, let’s say, worked for the bank, what next? What steps do you take next?
Carder:
This login and password can be used to link to some application, some payment system, be it PayPal, Venom or some other US payment system, let's say, if you live in the US. And there are thousands of such services, applications, their number is growing every day.
Pavlovich:
That is, you can top up, you mean link my account to something, to AliExpress, to a mobile phone and top up from someone else's account, it turns out my balance, and then take it somewhere, right?
Carder:
Exactly, that's exactly what we do.
Pavlovich:
And how much per day, you say we, that is, you have an organized group or what?
Carder:
No, me and my colleagues, that is, I have a group of my former students, now colleagues, well, everyone works in their own direction, but we, naturally, intersect, there are not so many of them that we wander off too much.
Pavlovich:
So you steal money from unsuspecting Americans' bank accounts every day, right? Okay, and how much money are we talking about?
Carder:
Tens, maybe even hundreds of thousands of dollars a day.
Pavlovich:
Well, how much have you ever seen on one account at most?
Carder:
$20 million.
Pavlovich:
And how much have you managed to steal from that account?
Carder:
Only $4,000.
Pavlovich:
Okay, and the most you've ever personally stolen from someone else's bank account?
Carder: $
6.
Pavlovich:
$6,000?
Carder:
$6,000 at a time.
Pavlovich:
Why can't you steal everything, for example?
Carder:
Bank protection will not provide much, well, protection levels and so on. That is, the bank itself will not allow a large sum to be written off, it can call the owner and he will change the password, or the bank owner will receive a notification, for example, an SMS, or a notification by mail, he will change the login and password and that's it. It will recall the transaction. Or the service where we put this money in order to withdraw it later, it may not like such a large sum and it can request some verification, etc., which you will not be able to pass. That is, it will be some kind of call with secret questions.
Pavlovich:
And can I ask for my mother's maiden name?
Carder:
Classic.
Pavlovich:
And what other problems do you encounter with this? Well, the call is okay, but what about drawing up some documents?
Carder:
It's not a problem, I don't know how it was for renderers 10 years ago, but now it's so common that they can render any document for you in half an hour, be it a bank statement or a selfie with a driver's license.
Pavlovich:
And how much does it turn out, for example, can you personally process, steal, rob an American in a day?
Carder:
It's quite possible to process 10-20 bank accounts in a day. Each one can contain from several thousand dollars to hundreds of thousands of dollars.
How do carders work with PayPal?
Pavlovich:
Okay, this is one of the areas of your activity, but why? Why do you have a nickname on the Internet "Sergey PP" then? "PP" has always been a designation for PayPal.
Carder:
I started with this payment system when I first came to carding. I started working with this payment system, and it just so happened that I gave myself this nickname. Although I don't work with it as closely as before, I got attached, this nickname remained.
Pavlovich:
Tell me, I just from all the carder topics, this PayPal is probably the only topic that has passed me by. Tell me what they did with it and what they do with someone else's PayPal now.
Carder:
This is probably the most popular direction in general. This is the direction that the masses operate, which, say, 50% of the total mass of carders work in. Everyone loves this direction because it is simple. That is, for so many years they have not been able to, as it were, maintain such good protection, yes, it exists, but there is no such good protection to completely cut off fraudulent transactions.
And the first thing is that if a PayPal account falls into someone's hands, naturally the first thing they do is process it, then the banks and so on. What they do, the same thing. More than 18 million stores on the planet accept PayPal as a payment method.
Pavlovich:
Ebay, for example.
Carder:
The same Ebay, or some other services where you have a balance and can top it up, gift cards and so on. Lots and lots of simple things, you can even buy bitcoins with PayPal, the main thing is to find where.
Pavlovich:
They don't call? So it's easier to buy with PayPal, for example, than with someone else's credit card?
Carder:
Yes.
Pavlovich:
How?
Carder:
In the case of PayPal, there is no such strict verification, i.e. no verification by zip, i.e. by index in our language. The security system is worse than when working with credit cards, because it is a system used by millions of people, 200 million people with change all over the planet, and naturally they are trying to make it as simple as possible for people.
If it is complicated, no one will use it.
What brings in the most money in carding?
Pavlovich:
It is the most crooked payment system I have ever seen. I can't verify my passport there on the tenth try. PayPal, yes, and how much, for example, what brought you the most money, stealing from other people's bank accounts now, or stealing from other people's PayPal before?
Carder:
Of course now, I have much more experience. And with PayPal it was the same stuff. The direction I worked in was that same password selection, roughly speaking, stolen PayPal accounts. They did not give huge sums, these were small purchases in online stores in Germany, mainly England, the USA. Everything was brought here, sold and that was my income.
Pavlovich:
For what percentage of the purchase price did you discount here?
Carder:
I only brought highly liquid goods, i.e. Samsung SSDs, etc. They were sometimes sold at 80-90%, i.e. 500 rubles were knocked off the store price. And people called and asked, bring more.
Pavlovich:
For example, is an SSD a hard drive or what?
Carder:
Yes, yes. These are the things that are never discounted in stores, you can't snatch them up on sale, they are sometimes even hard to find.
What other carding trends are relevant now, what are "logs"?
Pavlovich:
And what other carding trends are relevant today?
Carder:
Of those that are in the masses, like PayPal, which any schoolchild can steal, roughly speaking, these are logs.
Pavlovich:
What are logs?
Carder:
This is all the data from your computer, you download, for example, a program to make your RAM work faster, it has a virus embedded in it that sends all the data from your computer to the person, the owner of this virus.
Pavlovich:
What do you mean by keyloggers?
Carder:
Cookies, passwords, desktop data, and so on.
Pavlovich:
But for this, the victim computer must first be infected.
Carder:
Well, yes, this is one of the most profitable areas in terms of providing work for carders, this traffic of people who will download your program, this is where a lot of money is made, on traffic.
Pavlovich:
So you mean, first you need to lure a person so that he installs this spyware that will steal all his data?
Carder:
Yes, because if you send this program by mail and no one downloads it.
Pavlovich:
There are dozens, hundreds of ways to lure a user to a site. Personally, for a 10-piece discount, I can come up with the same pop-unders that pop up in windows and so on.
Carder:
Force them to open an executable file? Yes, it's quite difficult. There are, or rather, I don't know, somewhere there are craftsmen who disguise these files as doc files, pdf and so on, but such a service costs several thousand dollars, and I don't know such craftsmen, but I've heard that such people exist.
Pavlovich:
What advice can you give to our law-abiding viewers in this regard?
Carder:
Don't download unverified files from the Internet, probably because of those same logs. Naturally, the logs of residents of the USA and Europe are used most often, but there are plenty of Russian ones there too, there are bad guys who can use data, not banking data, but some files, data stolen from your computer.
Pavlovich:
Where do you get the logs?
Carder:
Either they are sold by those who send out their malicious file. Those who either don't want to, or process the fattest part, and sell the rest. These are either sales, or you install it yourself.
Pavlovich:
You buy a malicious program, infect victims in the USA.
Carder:
But this is a criminal offense in the Russian Federation. This is the only direction among carding, roughly speaking, now, for which you can really go to jail.
Pavlovich:
Distribution of malware.
Carder:
And it doesn't matter what country you work in, the US, Europe, Russia, we'll dismiss it altogether, no one works in Russia, of all my friends, having this program or traces of it on your computer is a term in the Russian Federation. A long one. Maybe a conditional one, well, I think it's about 4 years for sure, I don't remember the article, but this is a term, this is the only area that I really don't recommend doing.
You can steal tens of thousands of dollars from US residents a month, but having this program alone, you can do nothing with it, this is a term in Russia.
Pavlovich:
Well, and here I should add, I just encountered and a lot of my friends encountered that stealing even from Russia from residents of the USA and rich countries of Western Europe then you should be very wary of going abroad at all, because in Russia the FBI agents, the US Secret Service cannot reach us, so look for yourself, read the Internet, all the most high-profile arrests of hackers, Russian spammers and other bad guys, they were on vacation, somewhere in Spain, Thailand, Holland, Turkey, the Maldives. Seleznev was arrested, I worked with him, by the way, he was given a 27-year sentence, a very talented hacker.
How to choose a "log", how much does it cost, what does the price depend on?
Pavlovich:
Where do they come from, where to get logs with all the banking information? Well, there is not only banking information, what else is there?
Carder:
At least anything, Facebook, all the passwords that are on your computer.
Pavlovich:
From mail there are all sorts?
Carder:
Yes, your wallet, bitcoins, blockchain, whatever.
Pavlovich:
But there will be a lot of stuff there, how can I filter it? How can I extract valuable information from the log, as you say?
Carder:
Just search for the links you need in it. You don’t have a million logins and passwords, I’m sure, maybe 100-200. This is the average number for a normal person. 100-200 login passwords. And you, naturally, immediately look for them in the search. It’s all in a text file. Login, password, login, password, and website.
Pavlovich:
Do you look manually or use a software analyzer?
Carder:
Either software or manually. That is, you can contact the seller and ask him for a specific link, that is, you found some payment system that you know how to drain. You can ask him to look in his log database for the link you need, and he will give you logs that contain the login and password for this payment system.
Pavlovich:
Well, and he will sell you all this, right?
Carder:
Well, and, naturally, the most popular is PayPal, and absolutely everyone works with it, it's simple.
Pavlovich:
And how much do these logs cost, yes, and how easy is it to find them?
Carder:
It's very easy to find. There are more than a dozen of these well-known stores. There are more than a dozen of them. They usually cost from 2-5 dollars to 20-30. For one log? Yes.
Pavlovich:
And what does the price depend on?
Carder:
On the availability of the necessary links. That is, let's say, the same log from PayPal will cost around 10 dollars. A log with a blockchain can be sold for 30 dollars, because there is a high probability that there is money on it and it will be very easy to take this money out, this is not usually sold.
Those who drive this traffic and extract logs, they process them themselves, that is, they have some people or some team that keeps the juiciest ones for themselves.
Pavlovich:
And so the simplest log with the American's data costs there? A couple of bucks. A couple of bucks, it turns out that this is complete inter-access to his identity, to all accounts in social networks, maybe to the bank?
Carder:
Yes.
Pavlovich:
And how much do logs with banking information cost, with access to bank accounts? Let's not take PayPal and crypto, for example? Also about 15 bucks.
The main problems of carders
Pavlovich:
The main problems when stealing money from other people's bank accounts and PayPal, for example?
Carder:
Well, naturally, this is two-factor authentication, which is being introduced almost everywhere now. But this is also easy to bypass, there are ways to get around it and so on.
Pavlovich:
Well, you mean when he receives an SMS on his phone, but how to get around it? That is, off the top of my head, one of the ways, I remember, we used it 20 years ago, is when you have access to his bank account, you change the phone to yours.
Carder:
This is one of the options, it's simple, the bank really does it that way. You can still change the number, but it will take some time for the bank to take it normally, leave it for 2-3 days and you can already receive SMS on your number.
Pavlovich:
In 2004, we changed the PIN code for the card like this, when there was a dump, for example. There is a dump, for example, with a last name, accordingly, you choose a dump with a very rare last name, which will be there for the whole of America, there are 1-2 people, you check it in the social security numbers database, you check it, accordingly, the data, because in order to gain access to his bank account, we did not get it from logs, like you do now, but we, it turns out, enroll his card, i.e. we opened access to online banking in his name and got it. That is, his card number is known, his first and last name are known, accordingly, in order to do this, to get access to his bank account, online banking, we needed MMN (Mother's Maiden Name). And when we found all this, accordingly, we got full access to his bank account and even changed the PIN code for the card.
We already have a dump. That is, we changed the PIN code, let it sit, i.e. as you are now letting these accounts sit, and then in 2 weeks we start removing PIN codes. Well, nothing complicated.
What does enrollment look like now?
Carder:
This direction still exists, enroll, it just looks a little different. That is, these are not dumps, but simply the card number, they select bins, which are the first 6 digits of the card, which are rolled, so to speak.
Pavlovich:
Well, that is, cards of certain banks in which you can get online access.
Carder:
Yes. And they also check your background, mother's maiden name, and so on, everything you listed.
And they also get online access at the bank, see your balance, see your account limits, that is, how much money you can withdraw at a time, you can also increase them, you don't even have to call, you can increase one transaction online, for example, so that you have not 2,000 dollars, but 5, and immediately write off 5,000 from this card.
How are things now in "clothing" carding?
Pavlovich:
And tell me then, how are things now in clothing carding, because in my time, 10-20 years ago it was very simple, that is, you have someone else's credit card number, expiration date, CVV code, respectively, name, surname, address, and you get in the store, when you buy any product in the West, as a rule, there were two fields. The first is the billing address, where you enter the information, that is, the address, zip code, index, phone number of the payer, the cardholder.
And the second is the shipping address, this is the delivery address, that is, where you enter your there, or your drop. And all this worked very successfully, and when I was doing this, there was no need to even change the IP address to an American one, they sent very often, that is, billing is not equal to shipping, accordingly, the IP address was yours, and your keyboard was Russian, and everything, and so it came, but now, as far as I know, everything has changed a lot, and this, naturally, will never work.
How are things with clothing carding now?
Carder:
Naturally, there are much fewer stores that send to different billing and shipping addresses, but they still exist, they can be found, but, naturally, you will not be able to do anything from a Russian IP at the moment, because there is a geolocation check and so on. But it's all very easy to change, it will cost you $1 to change your IP to the IP of a US resident, and living on the next street, using a proxy.
They cost $1-2 or more.
Pavlovich:
Do you do or did you do carding of goods?
Carder:
For fun, maybe now. Or if I really need some things, now Now I can buy everything for myself, earning on other topics. Earlier, yes, I started with carding of goods.
How did you get into carding?
Pavlovich:
And how did you get into carding?
Carder:
I got there by accident. I needed to block someone on VKontakte and they gave me a Darknet resource, well, naturally, I had never surfed such a thing, had never heard of it, I found what I was looking for, but such a thread as a carding offer caught my eye, this is one of the large resources in Brunet.
I started reading, studying, it became interesting, at that time I was working as a sales consultant in the clothing department and I saw the same things, but 50% cheaper, naturally it interested me, I started studying everything that was connected with this topic and literally in a couple of weeks I was already making my first entries, I got it very quickly. How many years ago was that? It was only two years ago.
Pavlovich:
So we can say that you have only been in carding for two years?
Carder:
Yes. Two years ago I was still working at a normal job.
Why are you so negligent about your safety?
Pavlovich:
At a legal one. You are wearing such a mask, yes, that in principle your face can be recognized quite easily. Plus Sergey PP is kind of easy to google on the Internet and so on. You even have Instagram, I was there. Why are you so careless about your safety? I just served 10 years in prison for cybercrime in Belarus, and I should have served 16.
Well, I succeeded. Accordingly, why are you so careless about this? What is this? I just can't wrap my head around it.
Carder:
I do not violate the laws of the Russian Federation, the laws of countries where extradition from Russia is possible. These are the CIS countries, the former USSR, and, roughly speaking, some moral qualities do not allow me to work in countries, roughly speaking, Slavic ones, that is, there, I don't know, personally, I morally cannot work in Poland, in any.
Well, in general, I work very little with Europe, mainly only the USA.
Pavlovich:
Well, by the way, this is a big mistake, do you know why? Because all my friends, hackers, they, colleagues. Everyone who is in prison, they are in prison specifically at the request of the USA. That is, Europe basically doesn't care, you stole something from them and that's it. But they do not forgive the USA. That is, when you stole some more or less reasonable amount from the US, half a million dollars or more, you became aware that they would find you, put you in jail, even after 10-20 years, you understand, they do not forgive.
So how do you even travel abroad then?
Carder:
I travel abroad, and to European countries, and there are no problems. They just probably don’t know about me yet. I am too little in this area, let’s say. I was somewhere, naturally, I am sure that I was noticed somewhere, because the money went somewhere and it was investigated, but perhaps somehow it did not reach me, my home addresses and so on, and plus I have to prove that it was me, as a citizen of the Russian Federation, who did this, and not someone there, sitting at my computer, or simply registered in my passport.
It is not difficult to register the Internet in someone else’s Russian passport. And this is one of the means of anonymization, so-called, i.e. do not register the Internet in your name.
How SergeyPP
Pavlovich will be imprisoned:
Well, you know, if you told something like that in an American court, it seems to me that they would just laugh a lot and say, look, and they shook these handcuffs at you. By the way, these handcuffs were given to me from America. I'm sure they would laugh for a long time. They would say, well, yes, yes, yes. What a coincidence that you were noticed, and someone got into your home computer, yes. Well, not you, of course, not you.
That's it. And, well, we all understand, but hold us for 20 years, let's say. Do you understand? Well, that is, it's a big illusion when, when we end up behind bars, for example, it's a big illusion, and you shouldn't joke like that especially in the USA, you shouldn't hope for justice, because there is great lawlessness everywhere, and especially in the USA, and if you stole something in the States, then in any case you will be punished by law or without.
Therefore, such a position that there is no direct evidence against me, and therefore, they will not prove anything, is disastrous. And it leads to very bad consequences, because no court, in any country in the world, will consider only one piece of direct evidence. Well, of course, it is one thing when you are caught red-handed, you have just shot a person in a crowd, 300 witnesses, you have gunpowder and a gun in your hands.
But it is a completely different matter when there is no direct evidence, but the court evaluates a set of small indirect evidence, you know, like a puzzle. That is, yes, there is no direct evidence that you stole, let's say. But there is something that points to you, there is the IP address of your city, which was subsequently found out there, that from your apartment there. Yes, the Internet is not on you, but your IP address. There are some accounts there, where you withdrew money, related to you. There is a photo of you in the clothes that you stole from you on social media. networks, you understand?
And this set of small pieces of evidence fits together like a puzzle and enables a judge, I repeat, in any country in the world to pass a guilty verdict. Therefore, if you are engaged in something criminal, especially against the United States, then you need to think before going to Europe next time and especially to countries that are friends with the United States, like England, Israel, Thailand especially, Spain and Germany, by the way, oddly enough, too.
So you need to be careful. You reassure yourself that I am not breaking Russian laws, but you have already broken 150 American laws. So don’t be surprised, and better yet, learn English in advance, it will come in handy when explaining yourself in court. No, I’m serious, you need to be very careful when traveling, you understand, very careful.
Why don’t any of the carders work in Russia?
Pavlovich:
Does anyone from your group and your colleagues in general work in Russia, that is, do you steal from the Russians?
Carder:
No, we have this, I don’t know, some kind of unspoken rule, none of my friends, well, in general, the guys I know, none of them work in Russia, never steal from their own.
Pavlovich:
We had the same rule, you see, but now we see that lawyer Mironov, he was the hero of one of my episodes, he handled the case of hackers who stole money from Uralsib and Trust banks, specifically in Russia, that is, what is your opinion on this in general?
Carder:
I am against this. There are people who are ready to do this, and they probably understand all the risks of this kind of work, but I couldn’t.
Pavlovich:
But what is more here? Risk, or some kind of moral feeling, reluctance?
Carder:
Risks, probably, all the same. Well, that is, this is practically a direct path to the bottle.
Pavlovich:
To prison.
Carder:
To prison. I don’t know how many videos there are. If you, I don’t know, google carding, and there will be something from the videos about Russia, it will immediately tell how someone deceived someone on Avito. Any video with the work of Department K.
Who are they catching? They catch those who cheat, they scam guys on Avito for prepayment, they scam someone on Vkontakte, they find them very quickly, but they don’t deal with us, because we do not violate Russian laws, and none of us are going to do this.
Pavlovich:
Well, there are no victims in the Russian Federation, no one reports, if I get cheated on Avito, I won’t report, but someone else will. Naturally. Do you meet other carders in real life?
Carder:
Yes, a couple of times. With guys with whom we have been communicating for quite a long time. And such friendly relations, roughly speaking, have developed. Yes, we met a couple of times.
Pavlovich:
In my time, we also met all the time. Somewhere in different countries of the world we went on vacation together, spent holidays. We flew to visit each other all the time. But back then there was no such fear. You know, the authorities there did not know how to work on cybercriminals. But now they have all learned, and ours in principle a little, and Western ones as well. And then somehow the carders stopped meeting.
Why? I asked you if you meet others in real life?
Carder:
Yes, and not just me. Many.
How do carders communicate with each other?
Pavlovich:
And what means of communication do you use with each other then?
Carder:
Mainly Telegram, naturally, the most convenient.
Pavlovich:
Secret chats?
Carder:
No, regular ones. Well, they are simply not needed.
Pavlovich:
And do you believe that Telegram is not tapped, not recorded?
Carder:
And we do not violate the laws of the Russian Federation.
Pavlovich:
But those same Americans, for example, can monitor your chat, let's say, request all the logs from Durov, there, correspondence in your chat, in general, where you hang out with you carders?
Carder:
Yes, it is likely that they can do this, but they probably haven't done it yet.
Pavlovich:
What other means of communication? In my time, it was just ICQ, we also used Jabber.
Carder:
Some people still use Jabber. I mean, when I first started, everyone... Telegram wasn't that... I mean, two years ago, there weren't that many people on Telegram, and everyone had Jabber, naturally. Many sellers of some kind of material there still have links to their Jabber accounts. But mostly it's Telegram, because it's just convenient.
Pavlovich:
And probably safe.
Carder:
Probably safe.
Is it hard to get a credit card now, how much do they cost?
Pavlovich:
Look, is it difficult to get credit cards now, that is, numbers of other people's stolen credit bank cards in general, because 10-15 years ago, when I was doing this, one credit card number was sold wholesale for less than a dollar, that is, it could be 10 cents.
What are the prices now and is it easy to find stolen credit card numbers on the Internet?
Carder:
Of course, it's easy to find, there are also stores that sell retail mainly, and prices are from 5 to 50 dollars, let's say. Europe is more expensive, the USA is cheaper, Asia, something in between, this is inexpensive, up to 10 dollars, 10-15 dollars, this is the average price.
How many carders are there in the CIS countries now?
Pavlovich:
You see, in my time it was 10 cents, but prices have increased. And what can you say about the number of carders in the CIS in general? I'm just asking why, all sorts of Western journalists come to me all the time, they ask this question, and when I was active in cybercrime, we had the largest carding forum, it was 6,000 participants, now I see forums where there are 200 thousand participants, that is, have there become more cyber criminals in the CIS, in your opinion?
Much more, of course, but.
Carder:
Compared to your time, there are tens of thousands, well, hundreds, yes, that is, the largest forum specifically on carding, there are about 100 thousand people there.
Pavlovich:
Do you even sit on carding forums, hacker ones?
Carder:
I started there, but then I moved to Telegram and don't sit there anymore. There is no need for this, you can get anything you want in Telegram, all sellers are in Telegram.
Why do you need your own Telegram channel?
Pavlovich:
When I was studying your profile and composing questions for our conversation today, I saw that you have a channel on Telegram called Medellin, but Medellin is like in Colombia, like the Medellin cartel. But to be honest, I didn’t even have time to look there. What do you need this channel for? I only saw that it has 23 thousand subscribers. What do you post there anyway and what’s the story?
Carder:
The name, by the way, has nothing to do with drugs. I really regretted calling it that later, because many people associate it with drugs. So, if your friend notices that you’re subscribed to the Medellin channel, they’ll think it’s something about drugs. I was simply inspired by a film that I created less than a year ago. I was inspired by a film about Pablo Escobar, just like that. There I talk about what areas are being worked on now.
Will you be jailed for carding or not, I tell you.
Pavlovich:
Whether they’ll jail you for carding, it’s probably better for me to tell you.
Carder:
Well, yes, some current topics that are being worked on now. I leak some interesting methods, I just tell everything for beginners, roughly speaking, what I can share, such non-private, roughly speaking, information, but the one that not everyone knows.
Pavlovich:
Why do you need all this?
Carder:
I like writing articles, but naturally it is monetized, that is, this channel is not just like that.
Pavlovich:
How?
Carder:
Mainly by training in carding.
Do you sell carding training?
Pavlovich:
So you sell carding training?
Carder:
Yes. Well, many need a mentor, many need a team. It is impossible to work alone. I myself realized this when I started, when I started alone and sat there, reading hundreds of thousands of pages of old, maybe even from your time, manuals on working with cards and payment systems. You need friends in this area, and you need a mentor too. It would have been great if I had one at the time.
That's what I became.
