07
Dec 10

Reintroducing Scanlab (a.k.a. Scamlab)


Many sites and services require customers to present “proof” of their identity online by producing scanned copies of important documents, such as passports, utility bills, or diplomas. But these requests don’t really prove much, as there are a number of online services that will happily forge these documents quite convincingly for a small fee.

Services like scanlab.name, for example, advertise the ability to create a variety of forged documents made to look like scanned copies of things like credit cards, passports, driver’s licenses, utility bills, birth/death/marriage certificates and diplomas. In fact, Scanlab boasts that it has a large database of templates — 17 GB worth from more than 120 countries — which it can draw upon to forge scanned copies of just about any document you might need.

When the Scanlab site first surfaced in 2008, it was a fairly bustling place and had a decent number of clients. That is, until not long after I wrote about them in August 2008, when the site just vanished for some reason. The service reappeared this summer, but it’s tough to tell whether Scanlab 2.0 attracts much business. Maybe that’s why they’re now running Flash banner ads like the one below, which was taken from a popular underground hacker forum.

Scanlab-created Missouri driver’s license.

Scanlab created this scan of a fake Missouri driver’s license — shown here with the picture and made-up personal details of Wikileaks founder Julian Assange — using a photo from Google images, so the quality could certainly be better. But it’s probably enough to pass for a scan of a real ID for most online services that might ask for one as proof of identity.

Scanlab is definitely targeting a very specific type of clientele. This ad invokes the names of two of the most famous “carders,” individuals engaged in the theft and sale of stolen credit cards and identity documents: Vladislav Anatolievich Horohorin, 27 — mentioned in this ad by his nickname “BadB”; and Dmitry Golubov, a carding forum administrator who later started his own political party in Ukraine.

And, like most online services that cater to carders, this one does not accept credit cards: Payments are made through WebMoney, a virtual currency popular in Eastern Europe and Russia.


13 comments

  1. The Missouri drivers license is certainly fake, the picture is too good. It actually looks like Julian Assange.

    • It looks like him because it is him, they used the photo from Google images – all in all, it’s actually pretty close to what most MO ones look like. I’ve not seen one whose number starts with an M but that’s not to say they don’t or that anyone would even notice if they didn’t.

    • He’s 6’4″ and 119 pounds? The creator either is deliberately joking or isn’t familiar with English units.

      • > Scanlab created this scan of a fake Missouri drivers license — shown here with the picture and made-up personal details

        I believe the details were intentionally chosen to be unlikely, and thus to prevent the id from actually being considered as valid if someone actually spends the time to consider it.

        I read that paragraph and was trying to figure out why Brian wrote it in passive tense. — Brian: did Scanlab create it for you? If so, could you clarify that?

        • Yes, I had a few dollars burning a hole in my Webmoney account and was curious what they would produce.

          • Brian, you know as well as I do they better go back to the drawing board on that fake I.D. If that was ever presented to me they’d be sitting free at the COLD BAR HOTEL. Back some years ago I was summoned by another xyz when he showed me a D.L. from the state it was issued from, boy oh boy it was really good, but he forgot 1 thing which I will not discuss. I do believe that person still including his other PARASITES MISFITS BAD BOYS are still in jail.

  2. Yes, faking a document scan is trivial – with the typical scan quality not being too high nobody will notice the irregularities. I just went through a Class 2 certification recently and it left me wondering how hard it would have been to manipulate the data in the ID scan and in the phone bill (which was a PDF file anyway). Sure, they also called me – but on a VoIP phone number. There are enough VoIP providers that would allow me to create a temporary phone number without checking my data. So, next time you see a website with identity “verified” by an SSL certificate – take it with a grain of salt.

  3. Alize forever in my heart :) Love this girl very much

  4. The Ides of March expiration date is a nice touch on the DL!

  5. I remember when you wrote about these guys over two years ago, you even told me at that time they were being looked at by the State Dept.

    Yet here they are back AND AT THE SAME DOMAIN! WTF, don’t you know anyone who can stop them? Is the best we can do — blog about them?

    That’s pretty lame considering the threat these items pose. I guess we are lucky that you don’t write about serial killers…I’m afraid if that were the case, the killers would all still be out walking around committing murders! I mean WTF, DHS shuts down domains selling fake purses and this crap is up year after year?

    I’m disgusted with this.

    Mark

  6. Mark, sooner or later the BAD GUYS get captured. But always remember something, it’s a revolving door out there. When they do get caught it will be the element of surprise to them, they will never know what hit them if and when. They only can hide so long or make a big mistake that will end their parasite misbehavior.

  7. I get a speeding ticket for 53 in a 35 and I’m in court and paying fines… they sell passports and DL on the Net year after year and nothing. Argggg, I hate those hacker bad guys. Let’s hope in this case it’s sooner than later! Keep up the good work Brian and happy holidays.
    Mark

  8. Sorry for my bad English, but I feel some responsibility for this blog now, when I am translating its Russian mirror.
    “Horohorin” – incorrect transcription. “Khorokhorin” would be right.
    Sorry. 8)