September 10, 2012

This blog has featured several stories on reshipping scams, which recruit willing or unwitting U.S. citizens (“mules”) to reship abroad pricey items that are paid for with stolen credit cards. Today’s post highlights a critical component of this scheme: the black-market sale of international shipping labels fraudulently purchased from the U.S. Postal Service.

A service that automates creation of carded USPS labels.

USPS labels that are purchased via card fraud, known in the Underweb as simply “cc labels,” are an integral part of any reshipping scheme. So it should be no surprise that the leading proprietors in this obscure market run Atlanta Alliance, one of the largest and most established criminal reshipping rackets in the underground.

The service, at fe-ccshop.com, makes it simple for any reshipping scam operator to purchase international shipping labels at a fraction of their actual cost. For example, USPS Express Mail International labels for items 20 pounds or less that are headed from the United States to Russia start at about $75, but this service sells them for just $14. The same label for an item that weighs 25 pounds would cost upwards of $150 at the Post Office, but can be had through this service for just $19.

Customers fund their accounts with a virtual currency such as Liberty Reserve, and then enter the reshipping mule’s address in the “from” section and the fraudster’s in the “to:” field. Clicking the “make label” button causes the label to be paid for with a stolen credit card, and lets the customer print or save digital images of usable and new USPS international shipping labels.

The carded labels service is sold as a component of a larger shop that is currently peddling more than 100,000 stolen credit and debit card numbers (see above).

Another carded labels service run by one of the leading members of the Russian hacker forum lampeduza.org offers its own reshipping service, as well as USPS labels, at similar pricing. The proprietors of this service also market a panoply of other hacking and malware design services, described in the following ad, which runs on the site’s home page after users log in:

“Dear Friends! We are Glad to offer you Service on development of Systems of any Complexity.

Our Experts are using the following products:

Programming: C, C + +,. NET (C #), PHP, Perl, Python, Ruby, Java, Scala.

Databases: mySQL, pgSQL, mongodb, sqlite, couchdb

OS: Windows, linux, BSD

Preferable directions: Web Services, bots /botnets, parsers, emulators, Spam, flood. Expensively, anonymously, qualitatively. Work on 30% -50% for an advance Payment (to Webmoney, LibertyReserve, wire).”


17 thoughts on “Donkey Express: Mules Take Over the Mail

  1. nhtuyenspk

    Its a shame that people in other countries can steal credit cards from US citizens and get away with it. Why? Because if they steal under $5000 it will cost more then that for FBI or CIA to dispatch to another country just to track them down. And do you think officials are going to go through international efforts to track down $500 or so for you? This is why global cyber crime is so popular.

    1. SeymourB

      In some countries, unless the aggrieved party is a citizen of that country, then that country’s law enforcement doesn’t care how much was stolen. So long as their citizens don’t harm other citizens of their country, they’re free to do just about anything except protest corrupt politicians (remember, those politicians are citizens, and exposing their corruption is harmful to the politician).

      And without the aid of foreign law enforcement, good luck capturing criminals. The most you can do is scam them into coming into your jurisdiction, which is expensive indeed.

  2. Uzzi

    Sorry, but your’re wrong with both arguments:

    a) Credit card fraud is an organized international crime and the US is it’s natural habitat.

    Maybe you like to read Brian’s posts on Global Payments data breach and others:
    http://krebsonsecurity.com/2012/04/global-payments-1-5mm-cards-exported/

    b) In fact this is a multi-million crime and if you google ‘credit card fraud AND fbi’ you will find more information. The Internet Crime Complaint Center advises to “visit any of the three credit bureaus, Equifax, Experian, or TransUnion, for more information or to place a fraud alert on your credit report.”
    http://www.ic3.gov/crimeschemes.aspx#item-4

    But I agree on your implicit argument that it is a shame that national and international cooperation needs to be more effective… And to some point the way most corporations handle credit card fraud is simply ridiculous business just staring on sales numbers. (If you take two managers, one with 20% more sales and 20% credit card fraud and the other with just 80% sales of the first one, guess who is in trouble?)

  3. alson

    why u guys online adveritise the services of fraud but cannot get them down?

    or u too weak ? who will protect us?

  4. Roman Iakoubtchik

    I might sound like a broken record, but everything leads back to investing in technology infrastructure. Most of these Shipping Label sellers take advantage of hacked corporate shipping accounts, which utilize their accounts greatly and might not notice additional activity.

    I imagine the passwords are obtained by infecting unsuspecting users with various malware and password sniffers. Securing these users is very much possible, but requires capital for preventative measures (software/hardware), which most companies can’t afford or justify spending.

  5. PJJ

    Forgive me for picking nits, but shouldn’t “USP labels” be “UPS labels” instead?

  6. Andy

    They’re making less than twenty cents per dollar of stolen funds — is this a good return relative to other ways they could be monetizing the cards?

  7. MattM

    Hey, at least they switched their hosting provider. They used to be hosted by AntiDDos which got busted last month. Is it me or all carding related projects are hosted/registered in Netherlands these days?

  8. Atlanta Alliance

    Hi.
    Who said that the AA company are breaking the law?

    What law they break?

    1. BrianKrebs Post author

      If you really are affiliated with Atlanta Alliance, then your comment is hilarious. Ive interviewed many of your reshippers, and they all say they same thing: They were hired and worked for 30 days and were promised salaries, but after 29 days they were cut loose.

      What’s more, they were being sent packages of goods and shipping labels purchased with stolen cards. I’d call both of those things breaking the law.

      1. Maxim Stepanenko (Atlanta Alliance)

        Good day

        Please call one person who did not get the money?
        You still have not answered the question about the law.

        You do the propaganda against Russia

        1. Sastray

          I know the above will get downvoted soon enough, but can I propose this as a new slogan? KrebsOnSecurity.com: I do the Propaganda against Russia

  9. Atlanta Alliance

    NIKITA.
    I am from Russia. But i dont understand you.
    As i know it reshiping service from ebay to Russia for 10%.

    I worked with them some years.

  10. Maxim Stepanenko (Atlanta Alliance)

    Barak Obama wants the “Perezagruzka”

    Do you want it also? Or you want to atack Iran to get oil?

    You good man, but you lie

  11. MOMO

    Think about the debt $ 16000000000000

    Think about the debt $ 65000000000000 per states

    Forget about other countries. Think about Federal Reserve

Comments are closed.