Navigation



DarkMarket Carding (Credit Card Fraud) Site Part of FBI Sting

Last updated: September 9, 2015 | 13,585 views

Use Netsparker


You may remember the story about the Pro ATM Hacker ‘Chao’ and his Tips a while back, apparently that was the start of a big global sting operation on credit card fraud.

Chao was admin/moderator on a community of carders (where they bought/sold stolen credit card info) called DarkMarket and the first to be busted, it turns out the site was actually ran by an FBI agent (J. Keith Mularski AKA Master Splynter) and operated by the National Cyber Forensics Training Alliance (NCFTA)

There have been many reports this week that fraud website DarkMarket, which closed earlier this month, was shut down because of an international intelligence operation, which has lead to up to 60 people being arrested.

All is not as it seems, however, as CNET is stating that the website was all part of an FBI sting operation. It all stems from an article in Wired, where they uncovered that the webmaster of the site was non other than J. Keith Mularski, a senior FBI agent, going under the guise of Master Splynter.

Splynter wrote on the site, just before its demise: “I guess it was only time before this would happen. It is very unfortunate that we have come to this situation, because … we have established DM as the premier English speaking forum for conducting business. Such is life. When you are on top, people try to bring you down.”

There have been multiple arrests in UK following the sting, it seems like this was a very long and rather successful operation taking down a number of key players.

60 arrests is a pretty decent number, each of them must have perpetrated quite a lot of fraud so you can imagine the money being saved with these guys behind bars.

The elaborate ruse is backed up by information uncovered by Südwestrundfunk, a German radio network, who found out the site was being operated by the National Cyber Forensics Training Alliance (NCFTA).

Sting or not, the closing down of the website has lead to 60 arrests, with one person charged with purchasing £250,000 pounds’ worth of stolen data in under two months.

Recent arrests in the UK have so far been made in Leicester, Manchester, Humberside, South Yorkshire and London. DarkMarket administrator Cagatay Evyapan, aka Cha0, was arrested by Turkish police at the beginning of September.

That’s a lot of stolen cards, I wonder how they even get all this information? I guess they have multiple ways with online info being exposed…a lot of the hacks don’t even get published, just covered up.

Then oldskool physical methods like tagging/cloning in petrol stations and restaurants, rigging ATM machines and just plain stealing the cards from the mail.

Source: Techradar (Thanks Navin!)

Share1
Tweet
+1
Share
1 Shares
Posted in: Legal Issues, Privacy, Spammers & Scammers


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
June 20, 2018 - Shares
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
June 18, 2018 - Shares
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
May 23, 2018 - 80 Shares
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
May 19, 2018 - 115 Shares
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
May 10, 2018 - 157 Shares
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
May 5, 2018 - 306 Shares


7 Responses to DarkMarket Carding (Credit Card Fraud) Site Part of FBI Sting

  1. Navin October 20, 2008 at 6:26 pm #

    Again and again

    Cheers :) !!

  2. Morgan Storey October 20, 2008 at 11:39 pm #

    Ah good old honeypots for id theft. Next they need to setup a bank, make it corporate only minimum 1mill balance and have a bot army doing fake logins, then watch for the mitm attacks.

  3. Gul October 21, 2008 at 8:24 am #

    Hooray for NCFTA :)

  4. navin October 21, 2008 at 2:00 pm #

    Gul said ‘Hooray for NCFTA’

    hehehehehe :)

  5. Gul October 21, 2008 at 3:06 pm #

    Might have congratulate SpamHaus for their fake data on Mularski too ;)

  6. goodpeople October 27, 2008 at 8:37 am #

    Strike one for the good guys…

  7. zakowako January 18, 2009 at 11:46 am #

    there was a fake bank set up with no protection on it to see how many attacks (and what types) would be performed on it and how quickly. i cant remember the exact number but it was v.funny.

    GOOD ol WIRED