February 9, 2022

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next.

Dept. K’s message for Trump’s Dumps users.

On Feb. 7 and 8, the domains for the carding shops Trump’s Dumps, Ferum Shop, Sky-Fraud and UAS were seized by Department K, a division of the Ministry of Internal Affairs of the Russian Federation that focuses on computer crimes. The websites for the carding stores were retrofitted with a message from Dept. K asking, “Which one of you is next?”

According to cyber intelligence analysts at Flashpoint, that same message was included in the website for UniCC, another major and venerated carding shop that was seized by Dept. K in January.

Around the same time Trump’s Dumps and the other three shops began displaying the Dept. K message, the Russian state-owned news outlet TASS moved a story naming six Russian men who were being charged with “the illegal circulation of means of payment.”

TASS reports the six detained include Denis Pachevsky, general director of Saratovfilm Film Company LLC; Alexander Kovalev, an individual entrepreneur; Artem Bystrykh, an employee of Transtekhkom LLC; Artem Zaitsev; an employee of Get-net LLC; and two unemployed workers, Vladislav Gilev and Yaroslav Solovyov.

None of the stories about the arrests tie the men to the four carding sites. But Flashpoint found that all of the domains seized by Dept. K. were registered and hosted through Zaitsev’s company — Get-net LLC.

“All four sites frequently advertised one another, which is generally atypical for two card marketplaces competing in the same space,” Flashpoint analysts wrote.

Stas Alforov is director of research for Gemini Advisory, a New York firm that monitors underground cybercrime markets. Alforov said it is most unusual for the Russians to go after carding sites that aren’t selling data stolen from Russian citizens.

“It’s not in their business to be taking down Russian card shops,” Alforov said. “Unless those shops were somehow selling data on Russian cardholders, which they weren’t.”

A carding shop that sold stolen credit cards and invoked 45’s likeness and name was among those taken down this week by Russian authorities.

Debuting in 2011, Ferum Shop is one of the oldest observed dark web marketplaces selling “card not present” data (customer payment records stolen from hacked online merchants), according to Gemini.

“Every year for the last 5 years, the marketplace has been a top 5 source of card not present records in terms of records posted for sale,” Gemini found. “In this time period, roughly 66% of Ferum Shop’s records have been from United States financial institutions. The remaining 34% have come from over 200 countries.”

In contrast, Trump’s Dumps focuses on selling card data stolen from hacked point-of-sale devices, and it benefited greatly from the January 2021 retirement of Joker’s Stash, which for years dwarfed most other carding shops by volume. Gemini found Trump’s Dumps gained roughly 40 percent market share after Joker’s closure, and that more than 87 percent of the payment card records it sells are from U.S. financial institutions.

“In the past 5 years, Ferum Shop and Trump’s Dumps have cumulatively added over 64 million compromised payment cards,” Alforov wrote. “Based on average demand for CP and CNP records and the median price of $10, the total revenue from these sales is estimated to be over $430 million. Due to the 20 to 30% commission that shops generally receive, the administrators of Ferum Shop and Trump’s Dumps likely generated between $86 and $129 million in profits from these card sales.”

The arrests of the six men comes less than two weeks after Russian law enforcement officials detained four suspected carders — including Andrey Sergeevich Novak, the reputed owner of the extremely popular and long-running UniCC carding shop.

In 2018, the U.S. Justice Department charged Novak and three dozen other defendants thought to be key members of “Infraud,” a huge cybercrime community online that prosecutors say cost merchants and consumers more than half a billion dollars.

Unicc shop, which sold stolen credit card data as well as Social Security numbers and other consumer information that can be used for identity theft. It was seized by Dept. K in January 2020.

Flashpoint said the recent arrests represent the first major actions against Russia-based cybercriminals since March 2020, when the FSB detained more than thirty members of an illicit carding operation, charging twenty-five of them with “illegal circulation of means of payment.”

Dumps, or card data stolen from compromised point-of-sale devices, have been declining in popularity among fraudsters for years as more financial institutions have issued more secure chip-based cards. In contrast, card-not-present data stolen from online stores continues to be in high demand, because it helps facilitate fraud at online retailers. Gemini says the supply of card-not-present data rose by 50 percent in 2021 versus 2020, fed largely by the success of Magecart e-skimmers that target vulnerabilities in e-commerce sites.

Alforov says while the carding shop closures are curiously timed, he doubts the supply of stolen card data is going to somehow shrink as a result. Rather, he said, some of the lower-tier card shops that were previously just resellers working with Trump’s Dumps and others are now suddenly ramping up inventory with their own new suppliers — very likely thanks to the same crooks who were selling cards to the six men arrested this week in Russia.

“What we’re seeing now is a lot of those reseller shops are coming to the market and saying, ‘We don’t have that order data we were getting from Ferum Shop but now have our own vendors,'” Alforov said. “Some of the lesser tier shops are starting to move up the food chain.”

37 thoughts on “Russian Govt. Continues Carding Shop Crackdown

  1. Jon Marcus

    Have to think this is a political move related to Russia’s threat to Ukraine. Maybe something like, “See how helpful we can be if you just play nice with us”?

    1. anonymous

      exactly, 10000% … this kind of action from Russia is never seen in history.

      1. mealy

        Until 2 weeks ago, then with a flick of the switch.. novo russia?

      1. an_n

        Smoking crack or blindly trust(ing) Russia’s commitment against cybercriminals, Graham?
        Trust, but verify. Start with grammar.

      1. informa

        I guess it bears repeating, that is a fact. Putin said it.
        “If we had only known to check the toilet” -rough translation

  2. anonymous

    exactly, 10000% … this kind of action from Russia is never seen in history. US will not react hard to this one for sure.

  3. YR

    What happens after the arrest? Do they really see a jail from inside or they get a slap on the wrist and go back to work or they become employees of the FSB?

    1. kingJames

      They will cooldown for a while and let loose again after the loot is disbursed.

    2. JamminJ

      Why would they become employees of the FSB?
      It’s not like running a dark web site requires actual hacking skills. Stolen credit card data may originate from hackers, but it’s so far removed from the people who actually write the code to hack into a network or database,… the script kiddies who collect and scraped the data together, and the website admins who sell them online.

      1. SeymourB

        They’re arrested until they provide enough bribes to enough of the FSB – then they’ll get released.

        Though first Pudgtin will have to realize a couple arrests aren’t enough to overlook an invasion of Ukraine.

    3. WK

      What happens to them probably depends in part on what contacts they’re willing to give the FSB. If one of them is willing to play middleman/recruiter for a hacker with actual skills, they might be considered useful. Even if they don’t have currently useful hacking skills themselves, there’s a chance they have contacts and knowledge of the darkweb that the FSB might lack.

      They could also just have all their assets seized by the government and be dumped on the streets after a prison sentence.

      But it is unlikely that their actual fates will become public knowledge unless they’re put on trial and executed.

  4. Charles S.

    Wonder if this has anything to do with Russia Ukraine crisis. Maybe they’re only taking these sites down to show the USA what they will lose if imposed sanctions.

  5. John Brown

    Extremely unfortunate and unpatriotic. As long as these people are just stealing cards from American filth, this seems fine.

    1. anon

      Yeah, just waiting for some shop to arise who sells Russian data

      1. volgar

        How to steal turnips over an internet? Is crazy! Invade or go home sad.

  6. Meat Popcicle

    So….? FSB rolled on a couple middle men. This amounts to one week of bottlenecked CC trafficing. One of Putin’s bursers looses a handful of middle men and gains a different handful. It’s not like the state employee/mob boss these guys report to was pinched. Pawns traded for political position.

    1. an_n

      Max of 7 years, out in 1 and working for the team instead. Watch.

  7. ReadandShare

    Trump’s Dump – an unfortunate, unintended collateral damage, surely?

  8. Lord Hyperinflation

    The cryptocurrencies brought the great depression on united states.

  9. Yearight

    And all those dirty bitcoins will be sold at wall street to honest crypto investors.
    Fsb cia banks walll street they are all same its all about making profit in bankers and wall street pockets nothing else really matters.
    I envy them even i know they are corrupted i dont care i know yachts and ferrar mansions and chapagne in monaco or st tropez dont come easy or honest way all those funds will end up there u can literally walk to any yacht owner and say you want to be corrupted lets work together and definately you get a job for cleaning some dirty money as fron of fashion company or model agency lol french riviera is right location for swindlers for small thiefs marbella spain but higher criminals who work with goverment their place is monaco and south france to spend on 50,000$ per chapagne bottle

  10. vb

    From the article: ” likely generated between $86 and $129 million in profits”. Criminals who generate that kind of money quickly figure out who they need to pay off to stay out of trouble. I take arrests with a grain of salt. When they seize assets, cash, and bank accounts… that will get my attention.

  11. Anon

    Russia needs their crypto to pay for unattributable actions…..

  12. Norio

    The Borowitz Report
    By Andy Borowitz
    December 9, 2021

    Vladimir Putin thinks that negotiating with the United States would be “so much easier” if he possessed a pee tape of President Joe Biden, the Russian leader has confirmed.

    Speaking to reporters about his lengthy phone conversation with Biden regarding Ukraine, Putin said, “I kept thinking to myself, I wish I had a pee tape of this guy.”

    After hanging up with the U.S. President, Putin ordered Russian intelligence officials to scour their archives for a Biden pee tape, but they came up empty.

    “They mainly found a lot of footage of him saying things he didn’t mean to say,” Putin said. “Nothing great.”

    The Russian President said that the absence of a Biden pee tape will make Russia’s dealings with the United States “more challenging.”

    “It is what it is,” he said wistfully.

    1. tintin

      ahahah you are a mess but i was thinking to ask the same 🙂

  13. Mike

    Briansclub still down anybody have the new link or any new good good site.

Comments are closed.