November 30, 2010

“YOU’VE probably never met Sergey Kozerev, a former student at the State University of Technology and Design in St. Petersburg, Russia, but it’s possible that he’s mugged you.

In the online world, he operates under the pseudonym Zo0mer, according to American investigators, and he smugly hawks all manner of stolen consumer information alongside dozens of other peddlers at a Web site he helps manage.”

The text above was the lead for a story published April 3, 2006 in The New York Times. It described Zo0mer as a “kingpin” of the criminal underworld market for stolen identities and credit cards.

What’s remarkable is that — almost four years later — Zo0mer’s business appears stronger than ever.

Today, Zo0mer/Kozerev runs perhaps the most bustling marketplace for purloined financial data in the UnderWeb. His Flash advertisements, like the one pictured below, adorn several prominent “carding” forums.

The ads promote a pair of his services: One sells “dumps” — account data stolen (by malware or skimmers) from the magnetic stripes on the back of all credit and debit cards that can be used to create counterfeit cards; the other peddles stolen credit card data and sensitive personal information that can be used to hijack identities and change the mailing address records on bank accounts.

Two of Zo0mer's threads on a carding forum.

Below are screen shots of Zo0mer’s two fraud shops, which show the prices associated with each of these services. According to Zo0mer’s posting on one carding forum, one credit card + its corresponding card security code costs about $1, and the price goes down for high volume purchases. If you want the absolutely freshest stolen card numbers, the price doubles to $2 per card, and redoubles to $4 per card if you care which bank issued the card. Hacked eBay and Paypal accounts also are for sale.

Searches for the mother’s maiden name of a potential identity theft victim cost $10, and roughly $4 lets you look up a Social Security number.

If you’re a cyber criminal and prefer simply to profit from selling stolen personal and financial data, Zo0mer will take that hot information off your hands at whatever price the market will bear (well, his market anyway). “I will take on resell your CC or DUMP Base. Best for peoples who like money and want to stay anonymous,” Kozerev states on a popular, members-only carding forum.

It’s perhaps not surprising that Zo0mer has been left to his own devices there at his shop in St. Petersburg: There seem to be few consequences for criminal hackers that are arrested and charged in Russia. In September, 29-year-old St. Petersburg resident Viktor Pleshchuk, one of the masterminds behind the $9 million hack into RBS WorldPay in 2008, received a six-year-suspended sentence after pleading guilty to the crime.

23 thoughts on “Cybercrime Untouchables?”

  1. DavidM

    “There seem to be few consequences for criminal hackers that are arrested and charged in Russia. In September, 29-year-old St. Pete’s resident Viktor Pleshchuk, one of the masterminds behind the $9 million hack into RBS WorldPay in 2008, received a six-year-suspended sentence after pleading guilty to the crime.”

    Just when you thought that “crime doesn’t pay” the stark slap of reality proves otherwise. While I believe we will run into countries that do not believe that cyber crime is an issue, I am sure that there are those like in Russia where they take cybercrime seriously…But with the right amount of cash to donate (nudge, nudge…wink wink) to the local police and politicians I am sure like bulletproof hosting, there are no problems as long as you pay. Until there is some miracle of God and countries enact a global agreement to thwart the cyber criminals and separate them from their funds…Nothing will hurt this little rogue economy! Much like ICANN, RIPE etc… They seem to diddle when it comes to snipping those who are known to be purveyors of badness, apparently being politically correct seems to be more important than abiding by the regulation set forth to govern themselves.

    1. Ranulf

      I entirely approve of this message. Unfortunately the only way of getting at the criminals seems to be to cut off the rogue networks in their entirety, i.e. Russia as a whole. Who wants to start the next trade war? Esp. when Russia is about to get a stranglehold on the European gas market.

  2. Jason

    What I find most remarkable about these thieves is how other thieves trust them enough to buy anything from them. Do the buyers themselves always use stolen credit cards to purchase the dumps? And even then, I wonder how often thieves steal from other thieves.

    1. Scott

      It’s a reputation-based economy Jason… if you burn someone, no one is going to buy your stuff, if no one knows you, no one is going to buy your stuff. If you provide superior service, superior products, and continually deliver on what you sell, you’re going to have a lot of repeat business. Word travels fast and if you screw someone, everyone knows it.

      I don’t think a lot of people are using Visa/MC to charge their dumps purchases, directly anyways, because most of these guys require other forms of payment (e-gold, etc…). The purchasers might be charging up those online payment accounts with stolen funds tho.

      Also, look at the screenshot – notice how you’re not buying this stuff directly, you’re purchasing credits on the website to access the data… interesting concept. I wonder if Zo0mer thinks he’s protecting himself that way or if he thinks he’s found a loophole in a law somewhere (wherever he operates from).

    2. JS

      Most of the traded “money” is likely already ill-gotten once or twice over.

      It doesn’t have to come from stolen cards.

      * Stolen/Hijacked merchandise fenced (ebay, craigslist, many other private forums etc)
      * I include stolen or illegitimately activated gift cards under the classification of carding.
      * Outright burglary of cash or other items
      * Outright counterfeiting
      * Pornography mills which “re-trade” stolen content
      * kickback and bribes to keep criminal activities at the NOC, ISP quiet. (anonymizers, proxies, botnets)
      * Fees for cracking, encryption/decryption
      * Direct sale of narco or in its traffic
      * Gains from pimping or white slavery trafficking
      * Gains from gambling
      * SEO manipulation fees
      * Selling hacking tools and wares
      * Insurance fraud (medical or other)
      * Student Financial Aid Fraud
      * Social Assistance Fraud (Social Security etc)

      The list gets longer…. cyber crime is just crime.

      What is “shocking” is to realize it’s a criminal economy from real money which flows into virtual goods & virtual money which now heavily influences the legitimate economy. The unit is Billions across all forms of crime.

      The game for smart criminals is never use your own money when somebody else can pay for you.

      When will governments realize how much financial capital is collectively bleeding from the system every year in the form of fraud write-offs.

      Secondly when will the west again realize that there exists lawless areas in the world, and respond accordingly (IE enter those areas at your own risk).

      It used to be effective to stop trading/assisting those governments unless real reform is instituted — but now I don’t think that’s possible.

      It’s really a situation of Barbary coast piracy in our time.

      There exists a mindset and actual havens of institutionalized kleptocracy which is “foreign to our worldview” in the major Western countries.

      1. Krebs

        Despite all your grand claims and huge list you have provided no source for this information whatsoever and frankly it sounds like you’re talking out of your A**

        1. Jason

          He doth protest too much!

          Seriously, hacker dude, does it make you feel good to impersonate Brian and attack posters? Do you think we’re that stupid?

          1. BrianKrebs Post author

            Thanks for pointing this one out. I was going to delete it because impersonating the author is just rude, but I really dislike deleting comments, so I’ll leave it for now.

          2. Krebs

            Well firstly I wasn’t trying to impersonate Brian although granted I can see why you thought this.

            And secondly what on earth makes you think I’m a hacker?

  3. Pizdetc

    Brian you are probably is main buyer, because most of carders don’t buy in this crappy shop.

      1. BrianKrebs Post author

        I think that’s probably dead-on correct. His nickname says it all (Google “Pizdet”).

        1. Pizdetc

          Brian, you russian is still very bad, because pizdet i pizdetc (or pizdec) iz very different words.

          1. LC

            either that, Pizdetc, or your grasp of the english language isn’t good enough to know when someone is insulting you, :p

          2. AlphaCentauri

            If you pick a username that’s one letter different from “pizdet” and don’t expect people to notice the similarity, who’s the one with bad Russian?

  4. Mark Kelly

    I read a good NY Times article about the leader of a cyber crime gang who actually used to work for the Feds for awhile. In that article it mentioned that they sold the same information to multiple people which greatly increased the risk that the later users would get tracked and busted for the crime.

    So as one commenter already pointed out it is a matter of trust but it’s amazing that a cyber criminal would trust anyone since the person they are dealing with might have already been busted and be looking to get a deal by turning others in.

    Interesting article if you have time:

      1. generic-super-hero

        I’ve been fortunate enough to buy Master Splyntr a beer.
