DarkMarket Carding (Credit Card Fraud) Site Part of FBI Sting


You may remember the story about the Pro ATM Hacker ‘Chao’ and his Tips a while back, apparently that was the start of a big global sting operation on credit card fraud.

Chao was admin/moderator on a community of carders (where they bought/sold stolen credit card info) called DarkMarket and the first to be busted, it turns out the site was actually ran by an FBI agent (J. Keith Mularski AKA Master Splynter) and operated by the National Cyber Forensics Training Alliance (NCFTA)

There have been many reports this week that fraud website DarkMarket, which closed earlier this month, was shut down because of an international intelligence operation, which has lead to up to 60 people being arrested.

All is not as it seems, however, as CNET is stating that the website was all part of an FBI sting operation. It all stems from an article in Wired, where they uncovered that the webmaster of the site was non other than J. Keith Mularski, a senior FBI agent, going under the guise of Master Splynter.

Splynter wrote on the site, just before its demise: “I guess it was only time before this would happen. It is very unfortunate that we have come to this situation, because … we have established DM as the premier English speaking forum for conducting business. Such is life. When you are on top, people try to bring you down.”

There have been multiple arrests in UK following the sting, it seems like this was a very long and rather successful operation taking down a number of key players.

60 arrests is a pretty decent number, each of them must have perpetrated quite a lot of fraud so you can imagine the money being saved with these guys behind bars.

The elaborate ruse is backed up by information uncovered by Südwestrundfunk, a German radio network, who found out the site was being operated by the National Cyber Forensics Training Alliance (NCFTA).

Sting or not, the closing down of the website has lead to 60 arrests, with one person charged with purchasing £250,000 pounds’ worth of stolen data in under two months.

Recent arrests in the UK have so far been made in Leicester, Manchester, Humberside, South Yorkshire and London. DarkMarket administrator Cagatay Evyapan, aka Cha0, was arrested by Turkish police at the beginning of September.

That’s a lot of stolen cards, I wonder how they even get all this information? I guess they have multiple ways with online info being exposed…a lot of the hacks don’t even get published, just covered up.

Then oldskool physical methods like tagging/cloning in petrol stations and restaurants, rigging ATM machines and just plain stealing the cards from the mail.

Source: Techradar (Thanks Navin!)

Posted in: Legal Issues, Privacy, Spammers & Scammers


Latest Posts:


RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.


7 Responses to DarkMarket Carding (Credit Card Fraud) Site Part of FBI Sting

  1. Navin October 20, 2008 at 6:26 pm #

    Again and again

    Cheers :) !!

  2. Morgan Storey October 20, 2008 at 11:39 pm #

    Ah good old honeypots for id theft. Next they need to setup a bank, make it corporate only minimum 1mill balance and have a bot army doing fake logins, then watch for the mitm attacks.

  3. Gul October 21, 2008 at 8:24 am #

    Hooray for NCFTA :)

  4. navin October 21, 2008 at 2:00 pm #

    Gul said ‘Hooray for NCFTA’

    hehehehehe :)

  5. Gul October 21, 2008 at 3:06 pm #

    Might have congratulate SpamHaus for their fake data on Mularski too ;)

  6. goodpeople October 27, 2008 at 8:37 am #

    Strike one for the good guys…

  7. zakowako January 18, 2009 at 11:46 am #

    there was a fake bank set up with no protection on it to see how many attacks (and what types) would be performed on it and how quickly. i cant remember the exact number but it was v.funny.

    GOOD ol WIRED