CardersMarket
   HOME

TheInfoList



OR:

Carding is a term describing the
trafficking Smuggling is the illegal transportation of objects, substances, information or people, such as out of a house or buildings, into a prison, or across an international border, in violation of applicable laws or other regulations. There are variou ...
and unauthorized use of
credit cards A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's accrued debt (i.e., promise to the card issuer to pay them for the amounts plus the o ...
. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass
exploitation Exploitation may refer to: *Exploitation of natural resources *Exploitation of labour ** Forced labour *Exploitation colonialism *Slavery **Sexual slavery and other forms *Oppression *Psychological manipulation In arts and entertainment * Exploi ...
of
personal data Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The abbreviation PII is widely accepted in the United States, but the phrase it abbreviates ha ...
, and
money laundering Money laundering is the process of concealing the origin of money, obtained from illicit activities such as drug trafficking, corruption, embezzlement or gambling, by converting it into a legitimate source. It is a crime in many jurisdiction ...
techniques. Modern carding sites have been described as full-service commercial entities.


Acquisition

There are a great many of methods to acquire
credit card A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's accrued debt (i.e., promise to the card issuer to pay them for the amounts plus the o ...
and associated financial and personal data. The earliest known carding methods have also included "trashing" for financial data, raiding mail boxes and working with insiders. Some
bank card number A payment card number, primary account number (PAN), or simply a card number, is the card identifier found on payment cards, such as credit cards and debit cards, as well as stored-value cards, gift cards and other similar cards. In some situ ...
s can be semi-automatically generated based on known sequences via a "BIN attack". Carders might attempt a "distributed guessing attack" to discover valid numbers by submitting numbers across a high number of ecommerce sites simultaneously. Today, various methodologies include skimmers at ATMs, hacking or
web skimming Web skimming, formjacking or a magecart attack is an attack where the attacker injects malicious code into a website and extracts data from an HTML form that the user has filled in. That data is then submitted to a server under control of the at ...
an
ecommerce E-commerce (electronic commerce) is the activity of electronically buying or selling of products on online services or over the Internet. E-commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain manag ...
or
payment processing A payment processor is a system that enables financial transactions, commonly employed by a merchant, to handle transactions with customers from various channels such as credit cards and debit cards or bank accounts. They are usually broken dow ...
site or even intercepting card data within a
point of sale The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice f ...
network. Randomly calling hotel room phones asking guests to "confirm" credit card details is example of a
social engineering Social engineering may refer to: * Social engineering (political science), a means of influencing particular attitudes and social behaviors on a large scale * Social engineering (security), obtaining confidential information by manipulating and/or ...
attack vector.


Resale

Stolen data may be bundled as a "Base" or "First-hand base" if the seller participated in the theft themselves. Resellers may buy "packs" of dumps from multiple sources. Ultimately, the data may be sold on
darknet markets A darknet market is a commercial website on the dark web that operates via darknets such as Tor or I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, sto ...
and other carding sites and
forums Forum or The Forum (plural forums or fora) may refer to: Common uses *Forum (legal), designated space for public expression in the United States *Forum (Roman), open public space within a Roman city ** Roman Forum, most famous example *Internet ...
specialising in these types of illegal goods. Teenagers have gotten involved in fraud such as using card details to order pizzas. On the more sophisticated of such sites, individual "dumps" may be purchased by zip code and country so as to avoid alerting banks about their misuse. Automatic checker services perform validation en masse in order to quickly check if a card has yet to be blocked. Sellers will advertise their dump's "valid rate", based on estimates or checker data. Cards with a greater than 90% valid rate command higher prices. "Cobs" or changes of billing are highly valued, where sufficient information is captured to allow redirection of the registered card's billing and shipping addresses to one under the carder's control. Full identity information may be sold as "Fullz" inclusive of social security number, date of birth and address to perform more lucrative
identity theft Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term ''identity theft'' was c ...
. Fraudulent vendors are referred to as "rippers", vendors who take buyer's money then never deliver. This is increasingly mitigated via forum and store based feedback systems as well as through strict site invitation and referral policies. Whilst some Carding Forums will exist only on the
dark web The dark web is the World Wide Web content that exists on '' darknets'': overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can commu ...
, today most exist on the
internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consists ...
, and many will use the
Cloudflare Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2009. It primarily acts as a reverse proxy between a website's visitor and the Cloudflare customer's hosting provider. Its headquarters are in San ...
network protection service. ''Estimated per card prices, in US$, for stolen payment card data 2015''


Cash out

Funds from stolen cards themselves may be cashed out via buying pre-paid cards,
gift card A gift card also known as gift certificate in North America, or gift voucher or gift token in the UK is a prepaid stored-value card, stored-value money card, usually issued by a retailer or bank, to be used as an alternative to cash for purcha ...
s or through reshipping goods through mules then
e-fencing A fence, also known as a receiver, mover, or moving man, is an individual who knowingly buys stolen goods in order to later resell them for profit. The fence acts as a middleman between thieves and the eventual buyers of stolen goods who may no ...
through
online marketplace An online marketplace (or online e-commerce marketplace) is a type of e-commerce website where product or service information is provided by multiple third parties. Online marketplaces are the primary type of multichannel ecommerce and can be a wa ...
s like
eBay eBay Inc. ( ) is an American multinational e-commerce company based in San Jose, California, that facilitates consumer-to-consumer and business-to-consumer sales through its website. eBay was founded by Pierre Omidyar in 1995 and became ...
. Increased law enforcement scrutiny over reshipping services has led to the rise of dedicated criminal operations for reshipping stolen goods. Hacked computers may be configured with
SOCKS A sock is a piece of clothing worn on the feet and often covering the ankle or some part of the calf. Some types of shoes or boots are typically worn over socks. In ancient times, socks were made from leather or matted animal hair. In the lat ...
proxy software to optimise acceptance from payment processors.


Money laundering

The 2004 investigation into the ShadowCrew forum also led to investigations of the online payment service
E-gold e-gold was a digital gold currency operated by Gold & Silver Reserve Inc. (G&SR) that allowed users to open an account on their web site denominated in grams of gold, or other precious metals, and that let users make instant transfers of value ( ...
that had been launched in 1996, one of the preferred money transfer systems of carders at the time. In December 2005 its owner Douglas Jackson's house and businesses were raided as a part of "Operation Goldwire". Jackson discovered that the service had become a bank and transfer system to the criminal underworld. Pressured to disclose ongoing records disclosed to law enforcement, many arrests were made through to 2007. However, in April 2007 Jackson himself was indicted for money laundering, conspiracy and operating an unlicensed money transmitting business. This led to the service freezing the assets of users in "high risk" countries and coming under more traditional financial regulation. Since 2006,
Liberty Reserve Liberty Reserve was a Costa Rica-based centralized digital currency service that billed itself as the "oldest, safest and most popular payment processor, serving millions all around a world". The site had over one million users when it was shut ...
had become a popular service for cybercriminals. When it was seized in May 2013 by the US government, this caused a major disruption to the cybercrime ecosystem. Today, some carders prefer to make payment between themselves with
bitcoin Bitcoin ( abbreviation: BTC; sign: ₿) is a decentralized digital currency that can be transferred on the peer-to-peer bitcoin network. Bitcoin transactions are verified by network nodes through cryptography and recorded in a public di ...
, as well as traditional wire services such as
Western Union The Western Union Company is an American multinational financial services company, headquartered in Denver, Colorado. Founded in 1851 as the New York and Mississippi Valley Printing Telegraph Company in Rochester, New York, the company ch ...
,
MoneyGram MoneyGram International, Inc. is an American cross-border P2P payments and money transfer company based in the United States with headquarters in Dallas, Texas. It has an operations center in St. Louis Park, Minnesota and regional and local off ...
or the Russian
WebMoney WebMoney is an online payment settlement system established in Russia in 1998. It is one of the largest electronic payments processors in Russia by number of users, with the company reporting 45 million registered accounts and 300,000 active week ...
service.


Related services

Many forums also provide related
computer crime A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing t ...
services such as
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
kits,
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, de ...
and spam lists. They may also act as a distribution point for the latest fraud tutorials either for free or commercially. ICQ was at one point the instant messenger of choice due to its anonymity as well as MSN clients modified to use Pretty Good Privacy, PGP. Carding related sites may be hosted on botnet based fast flux web hosting for resilience against law enforcement action. Other account types like PayPal, Uber, Netflix and loyalty card points may be sold alongside card details. Logins to many sites may also be sold as a Backdoor (computing), backdoor access apparently for major institutions such as banks, universities and even industrial control systems. For
gift card A gift card also known as gift certificate in North America, or gift voucher or gift token in the UK is a prepaid stored-value card, stored-value money card, usually issued by a retailer or bank, to be used as an alternative to cash for purcha ...
fraud, retailers are prone to be exploited by fraudsters in their attempts to steal gift cards via bot technology or through stolen credit card information. In the context of carding fraud, using stolen credit card data to purchase gift cards is becoming an increasingly common money laundering tactic. Another way gift card fraud occurs is when a retailer's online systems which store gift card data undergo brute force attacks from automated bots. Tax refund fraud is an increasingly popular method of using identify theft to acquire prepaid cards ready for immediate cash out. Popular coupons may be counterfeited and sold also. Personal information and even medical records are sometimes available. Theft and gift card fraud may operated entirely independently of online carding operations. Cashing out in gift cards is very common as well, as "discounted gift cards" can be found for sale anywhere, making it an easy sale for a carder, and a very lucrative operation. The Google hacks popularly known as Google dorks for credit card details are also used vastly in getting credit card details


History


1980s–1999

Since the 1980s in the days of the Bulletin board system, dial-up BBSes, the term ''carding'' has been used to describe the practices surrounding credit card fraud. Methods such as "trashing", raiding mail boxes and working with insiders at stores were cited as effective ways of acquiring card details. Use of Dead drop, drops at places like abandoned houses and apartments or with persuadable neighbors near such a location were suggested. Social engineering (security), Social engineering of mail order sales representatives are suggested in order to provide passable information for card not present transactions. Characters such as "The Video Vindicator" would write extensive guides on "Carding Across America", burglary, fax fraud, supporting phreaking, and advanced techniques for maximizing profits. During the 1980s, the majority of Hacker (computer security), hacker arrests were attributable to carding-related activities due to the relative maturity of financial laws compared to emerging computer regulations. Started in 1989, by 1990 Operation Sundevil was launched by the United States Secret Service to crack down on use of BBS groups involved in credit card fraud and other illegal computer activities, the most highly publicised action by the US federal government against hackers at the time. The severity of the crack down was so much that the Electronic Frontier Foundation was formed in response to the violation of civil liberties. In the mid-1990s with the rise of AOL dial-up accounts, the AOHell software became a popular tool for
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
and stealing information such as credit card details from new Internet users. Such abuse was exacerbated because prior to 1995 AOL did not validate subscription credit card numbers on account creation. Abuse was so common AOL added "''no one working at AOL will ask for your password or billing information''" to all instant messenger communications. Only by 1997 when warez and phishing were pushed off the service did these types of attacks begin to decline. December 1999 featured an unusual case of extortion when Maxim, a Russian 19-year-old, stole the 25,000 users' card details from CD Universe and demanded $100,000 for its destruction. When the ransom was not paid, the information was leaked on the Internet. One of the first books written about carding, ''100% Internet Credit Card Fraud Protected'', featured content produced by "Hawk" of carding group "Universal Carders". It described the spring 1999 hack and credit card theft on CyberCash, Inc., CyberCash, the stratification of carder proficiencies (script kiddie through to professionals) common purchases for each type and basic
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
schemes to acquire credit card data. By 1999, United States offline and online credit card fraud annual losses were estimated at between $500,000 and $2 million.


2000–2006

From the early 2000s, sites lik
"The Counterfeit Library"
also functioning as a diploma mill, grew to prominence, with many of its members going on to join larger cybercrime websites in later years until its closure around September 2004. In 2001, Russian speaking hackers founded CarderPlanet in Odessa which would go on to be one of the most notorious forums of its kind. In the summer of 2003, separate US secret service and FBI investigations led to the arrest the top administrator Albert Gonzalez of the large ShadowCrew, turned informant as a part of "Operation Firewall". By March 2004, the administrator of "CarderPlanet" disappeared with Gonzalez taking over. In October 2004 dozens of ShadowCrew members were busted across the US and Canada. Carder's speculate that one of the USSS infiltrators might have been detected by a fellow site member causing the operation to be expedited. Ultimately, the closure of ShadowCrew and CarderPlanet did not reduce the degree of fraud and led to the proliferation of smaller sites. ShadowCrew admin Brett Shannon Johnson managed to avoid being arrested at this time, but was picked up in 2005 on separate charges then turned informant. Continuing to commit tax fraud as an informant, "Operation Anglerphish" embedded him as admins on both ScandinavianCarding and CardersMarket. When his continued carding activities were exposed as a part of a separate investigation in 2006, he briefly went on the run before being caught for good in August of that year. In June 2005, the credit card processing company CardSystems Solutions, CardSystems was hacked in what was at the time the largest personal information breach in history with many of the stolen information making its way to carding sites. Later in 2007, the TJX Companies breach perpetuated by Albert Gonzalez (who was still an informant at the time) would only come to the public's attention after stolen cards detected being misused to buy large amounts of gift cards. Gonzalez's 2008, intrusion into Heartland Payment Systems#Security breach, Heartland Payment Systems to steal card data was characterized as the largest ever criminal breach of card data. Also in June 2005, United Kingdom, UK-based carders were found to be collaborating with Russian mafia and arrested as a result of a National Hi-Tech Crime Unit investigation, looking into Eastern European crime syndicates. Some time in 2005, J. Keith Mularski from the National Cyber-Forensics and Training Alliance, NCFTA headed up a sting into popular English language site DarkMarket, DarkMarket.ws. One of the few survivors of "Operation Firewall", Mularski was able to infiltrate the site via taking over the handle "Master Splyntr", an Eastern European spammer named Pavel Kaminski. In late 2006 the site was hacked by Max Butler, who detected user "Master Splyntr" had logged in from the NCFTA's offices, but the warning was dismissed as inter-forum rivalry. In 2007 details of the operation was revealed to German national police, that the NCFTA had successfully penetrated the forum's inner "family". By October 4, 2007, Mularski announced he was shutting the site due to unwanted attention from a fellow administrator, framed as "too much attention" from law enforcement. For several years following site closure multiple arrests were made internationally. From 2004 through to 2006, CardersMarket assimilated various rival forums through marketing, hacking databases. Arrested in 2007, in 2010 the site's owner Max Butler was sentenced to 13 years in prison.


2007–present

Since 2007 to present, Operation Open Market, an operation run by the Homeland Security Investigations, HIS and the United States Secret Service, USSS has targeted the primarily Russian language Carder.su organisation, believed to be operating out of Las Vegas. In 2011, alleged site owner Roman Seleznev was apprehended in the Maldives by US law enforcement and in 2012, identity thief David Ray Camez was arrested and charged in an unprecedented use of Racketeer Influenced and Corrupt Organizations Act, RICO legislation. Horohorin Vladislav, identified as BadB in November 2009 in a sealed indictment from the United States attorney's office was arrested in 2010 by United States Secret Service Uniformed Division, USSS in Nice, France. Vladislav created the first fully automated credit card shop and managed websites associates with stolen credit card numbers. Horohorin Vladislav is also known for being first cyber criminal to promote his illegal activities by creating video cartoons ridiculing American card holders. In 2011, former Bulgarian ShadowCrew member Aleksi Kolarov (also known as "APK") was finally arrested and held in Paraguay before being extradited to the United States in 2013 to face charges. In March 2012, the United States Secret Service took down Kurupt.su, and arrested David Schrooten (also known as "Fortezza" and "Xakep") in Romania, he was extradited to the United States and sentenced to serve 12 years in federal prison. Primarily for his role in trafficking credit cards he obtained by hacking other hackers. In June 2012, the FBI seized carding and hacking forums UGNazi, UGNazi.com and Carders.org in a Sting operation, sting as a part of a 2-year investigation dubbed Operation Card Shop after setting up a Honeypot (computing), honeypot forum at carderprofit.cc. In August 2013, hacker and carding forum HackBB was taken down as part of the raid on Freedom Hosting. In January 2014, fakeplastic.net was closed following an investigation by the United States Postal Service, US postal service and FBI, after collating previously seized information from TorMail, ShadowCrew and
Liberty Reserve Liberty Reserve was a Costa Rica-based centralized digital currency service that billed itself as the "oldest, safest and most popular payment processor, serving millions all around a world". The site had over one million users when it was shut ...
. This led to multiple arrests and prosecutions as well as the site's closure. A 2014 report from Group-IB, suggested that Russian cybercriminals could be making as much as $680 million a year based on their market research. In December 2014, the Tor (network), Tor based Tor Carding Forum closed following a site hack, with its administrator "Verto" directing users to migrate to the Evolution (marketplace), Evolution darknet market's forums which would go on to be the largest darknet market exit scam ever seen. "Alpha02", who was notorious for his carding guides, went on to found the AlphaBay Market, AlphaBay darknet market, the first to ever deal in stolen Uber accounts. The site is working on rebuilding the damage to the reputation of markets founded by carders precipitated by the Evolution (marketplace), Evolution scam. Meanwhile, most Russian carders selling details do not trust the darknet markets due to the high level of law enforcement attention; however, buyers are more open. Ercan Findikoğlu, also known as "Segate" and "Predator", with others, led an international conspiracy, stole $55 million by hacking ATM card issuers and making fraudulent cards and was sentenced to eight years in prison by a federal court. Findikoğlu, a Turkish national, with a Russian wife, Alena Kovalenko, avoided capture by obscuring his cyber fingerprints and avoiding the reach of American law, but he went to Germany in December 2013, was arrested, lost a court challenge, and was extradited. Findikoğlu, as a youngster honed his skills in cyber cafes, the Turkish military, and then masterminded three complex, global financial crimes by hacking into credit card processors, eliminating the limits on prepaid cards then sending PINs and access codes to teams of cashers who, within hours withdrew cash from ATMs. In December 2012, 5,000 cashers in 20 countries withdrew $5 million, $400,000 in 700 transactions from 140 New York ATMs, in 150 minutes. Stolen cash was kicked back via wire transfers and deliveries to Turkey, Romania and Ukraine. Vladimir Drinkman, 34, a cohort of Albert Gonzalez, pleaded guilty in Camden, New Jersey, that he got credit card numbers from Heartland Payment Systems, 7-Eleven, Hannaford Bros, Nasdaq, Carrefour, JetBlue, and other companies from 2005 to 2012. (U.S. v. Drinkman, 09-cr-00626, U.S. District Court, District of New Jersey (Camden)) In February 2018, the Infraud Organization was revealed.


Contemporary situation

In more recent years, Russian language forums have gained dominance over English language ones, with the former considerably more adept at identifying security researchers and counterintelligence activities and strict invitation systems. Russia's lack of extradition treaty with the United States has made the country somewhat of a safe haven of cyber criminals, with the Russian foreign ministry going so far as to recommend citizens not travel abroad to countries with such treaties. Investigative journalist Brian Krebs has extensively reported on Russian carders as an ongoing game of cat and mouse.


See also

*Darknet market *Fence (criminal), Fencing *Identity theft *Internet fraud


References


Further reading

* *


External links

* http://textfiles.com/anarchy/CARDING {{Privacy Carding (fraud), Internet fraud Dark web Identity theft Money laundering Credit cards Organized crime activity Types of cyberattacks