PRIVATE CARDING FORUM
The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carder.cc forum users.
PRIVATE CARDING FORUM
'TO befire: man if u have citibank online accounts please connect me, but I working with online banking many years and I khow when people said that has got backdoor to bank it''s always be rippers. I f u really have some banks accounts of citibank or otherplease contact me In PM but it''s imbosible have backdoor to bank because If u have it u never tell about it in public forum...
On January 2022, a message appeared on a prominent carding forum stating that the Russian Internal Affairs Ministry had shut down the site as part of a "special law enforcement operation". In a joint cooperation with US agencies, Russia's Federal Security Service (FSB) identified alleged members of hacking group "The Infraud Organization," including someone who served as administrator for the forum.
Other forums appear to have voluntarily gone on a temporary hiatus in what could be an effort to avoid being targeted. "Due to recent events, we are going on vacation for 2 weeks," said the admins of one carding site, adding: "Thank you for understanding! We'll be back soon, so don't worry!" The marketplace hasn't returned and the ability to get refunds has been cancelled.
One described it as "most scary moment in the carding history" and a "nightmare for people involved in this business". Another suggested that "at this tempo there won't be a Russian darknet by the end of the year."
The shutdowns have led to discussions about operational security, as some forum members fear they could also be arrested. "Hard times have come. Take care of yourself and remember your safety," said one user. "EVERYTHING has changed, go on vacation!" warned another.
"It seems unlikely that cyber criminals will do as some forum users joked and go to work in the 'factories,'" Digital Shadows researchers said. "We saw one threat actor commenting that, although now would be a 'great time' if 'someone has long wanted to retire,' the carding world would 'be ok for the rest of the hard workers.'"
One of the members of ShadowCrew was seen by a police officer in New York to be making multiple ATM withdrawals using a stack of ATM cards he had in his pocket all from one ATM. The police officer approached him, found a dozen blank ATM cards that had been programmed with stolen card info and around $10k in cash. The Secret Service flipped this guy and got admin level access to the carding forums for their undercover aliases. One of these handles being run by the Secret Service ended up becoming one of the top vendors.
One of the guys who got away was Max Butler. He is the subject of a great Kevin Poulsen book called Kingpin which tells the tale of ShadowCrew and what Max Butler did next. He setup the next forum: Carders Market. He consolidated the market again by hacking all the small competing sites, taking their databases and dumping them all into Carders Market then redirecting the sites. The users of the other sites could login to Carders Market and see all their old posts and info, now all centralized.
With Carders Market gone a whole new slate of small sites and forums sprung up. There was an entirely new generation of carders who would hear about credit card fraud on the news, hear about the riches involved and then do a Google search and find the nearest English language carding forum. This new generation was running forums as Tor hidden services. When the hidden services first came to popularity most of the sites were carding sites. The more popular one of these was Tor Carding Forum (TCF).
They were all ill suited to run carding forums and bought an entirely new level of naivety. The reason why the Russians are so successful and are still operating the same networks today 20 years later is not just because of their deal with the government, but because their crews consist of the best security guys, the best ID guys, the best money launderers, the best accountants, the best lawyers, the best hackers, etc. TCF and similar English language forums were letting anybody in as a member, were not cooperating as crews and were mostly lone wolf type hackers who would join the forum, get ripped off for $100 by being sold a tutorial that was 10 years out of date and then being sold card data for $50 each that the Russians would sell for $2 each.
TCF was hacked for the last time in January. The database was leaked and a lot of the users ended up getting hacked themselves. By this point the admins of the site were getting bored and tired of the carding scene and had started to hear about the new big way to earn money on the darknets: underground drug markets. Months before TCF was hacked for the last time some of the admins got together and decided that they would expand TCF into an underground drug market. That drug market launched just after the last TCF hack and is what we know today as Evolution.
In contrast on the TCF forum the average thread is someone begging to be given a free card dump, someone else selling an old tutorial or someone asking for the one thousandth time how to get started. There are one or two legit members but most of the forum is a shit show of incompetence and kids who are lining up to be sent away for long club fed time.
TCF reached a low point earlier this year, and I just happen to be in the middle of the story. A popular scheme over the past few years on forums has been a very simple Ponzi scheme aimed at members of gaming forums, hardware acceleration forums, etc. There was a user on TCF who was semi-known and semi-reputable. He posted a scheme that looked something like this (original post gone) on the forum:
There is a brilliant writeup on WeirderWeb about the exact same scheme taking hold on the BlackHatSEO forums, the original article is down but the mirror on archive.org is still available and it really is worth a read.
Carding is a term describing the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.
Stolen data may be bundled as a "Base" or "First-hand base" if the seller participated in the theft themselves. Resellers may buy "packs" of dumps from multiple sources. Ultimately, the data may be sold on darknet markets and other carding sites and forums specialising in these types of illegal goods. Teenagers have gotten involved in fraud such as using card details to order pizzas.
Fraudulent vendors are referred to as "rippers", vendors who take buyer's money then never deliver. This is increasingly mitigated via forum and store based feedback systems as well as through strict site invitation and referral policies.
The 2004 investigation into the ShadowCrew forum also led to investigations of the online payment service E-gold that had been launched in 1996, one of the preferred money transfer systems of carders at the time. In December 2005 its owner Douglas Jackson's house and businesses were raided as a part of "Operation Goldwire". Jackson discovered that the service had become a bank and transfer system to the criminal underworld. Pressured to disclose ongoing records disclosed to law enforcement, many arrests were made through to 2007. However, in April 2007 Jackson himself was indicted for money laundering, conspiracy and operating an unlicensed money transmitting business. This led to the service freezing the assets of users in "high risk" countries and coming under more traditional financial regulation.
Many forums also provide related computer crime services such as phishing kits, malware and spam lists. They may also act as a distribution point for the latest fraud tutorials either for free or commercially. ICQ was at one point the instant messenger of choice due to its anonymity as well as MSN clients modified to use PGP. Carding related sites may be hosted on botnet based fast flux web hosting for resilience against law enforcement action.
For gift card fraud, retailers are prone to be exploited by fraudsters in their attempts to steal gift cards via bot technology or through stolen credit card information. In the context of carding fraud, using stolen credit card data to purchase gift cards is becoming an increasingly common money laundering tactic. Another way gift card fraud occurs is when a retailer's online systems which store gift card data undergo brute force attacks from automated bots.
Since the 1980s in the days of the dial-up BBSes, the term carding has been used to describe the practices surrounding credit card fraud. Methods such as "trashing", raiding mail boxes and working with insiders at stores were cited as effective ways of acquiring card details. Use of drops at places like abandoned houses and apartments or with persuadable neighbors near such a location were suggested. Social engineering of mail order sales representatives are suggested in order to provide passable information for card not present transactions. Characters such as "The Video Vindicator" would write extensive guides on "Carding Across America", burglary, fax fraud, supporting phreaking, and advanced techniques for maximizing profits. During the 1980s, the majority of hacker arrests were attributable to carding-related activities due to the relative maturity of financial laws compared to emerging computer regulations.
One of the first books written about carding, 100% Internet Credit Card Fraud Protected, featured content produced by "Hawk" of carding group "Universal Carders". It described the spring 1999 hack and credit card theft on CyberCash, the stratification of carder proficiencies (script kiddie through to professionals) common purchases for each type and basic phishing schemes to acquire credit card data. 041b061a72