Posts Tagged: Vladislav Anatolievich Horohorin


8
Mar 12

Banking on Badb in the Underweb

Underground Web sites can be a useful barometer for the daily volume of criminal trade in goods like stolen credit card numbers and hijacked PayPal or eBay accounts. And if the current low prices at one of the Underweb’s newer and more brazen card shops are indicative of a trend, the market for these commodities has never been more cutthroat.

Visa, Amex cards for sale at Badb.su

Badb.su is distinguishable from dozens of underground carding shops chiefly by its slick interface and tiny domain name, which borrows on the pseudonym and notoriety of the Underweb’s most recognizable carder. It’s difficult to say whether “Badb” himself would have endorsed the use of his brand for this particular venture, but it seems unlikely: The man alleged by U.S. authorities to be Badb — 29-year-old Vladislav Anatolievich Horohorin — has been in a French prison since his arrest there in 2010. Authorities believe Horohorin is one of the founding members of CarderPlanet, a site that helped move millions of stolen accounts. He remains jailed in France, fighting extradition to the United States (more about his case in an upcoming story).

Badb.su’s price list shows that purloined American Express and Discover accounts issued to Americans cost between $2.50 and $3 apiece, with MasterCard and Visa accounts commanding slightly lower prices ($2-$3). Cards of any type issued by banks in the United Kingdom or European Union fetch between $4 and $7 each, while accounts from Canadian financial institutions cost between $3 and $5 a pop.

The site also sells verified PayPal and eBay accounts. Verified PayPal accounts with credit cards and bank accounts attached to them go for between $2 and $3, while the same combination plus access to the account holder’s email inbox increases the price by $2. PayPal accounts that are associated with bank and/or credit accounts and include a balance are sold for between 2 and 10 percent of the available balance. That rate is considerably lower than the last PayPal underground shop I reviewed, which charged 8 to 12 percent of the total compromised account balance.

Verified PayPal accounts with positive balances sell for between 2 and 10 percent of the available balance.

eBay auction accounts are priced according to the number of positive “feedback” points that each victim account possesses (feedback is the core of eBay’s reputation system, whereby members evaluate their buying and selling experiences with other members). eBay accounts with fewer than 75 feedback points sell for $2 each, while those with higher levels of feedback command prices of $5 and higher apiece, because these accounts are more likely to be perceived as trustworthy by other eBay members.

But don’t count on paying for any of these goods with a credit card; Badb.su accepts payment only through virtual currencies such as Liberty Reserve and WebMoney.

Badb.su, like many other card shops, offers an a-la-carte, card-checking service that allows buyers to gauge the validity of stolen cards before or after purchasing them. Typically, these services will test stolen card numbers using a hijacked merchant account that initiates tiny charges or so-called pre-authorization checks against the card; if the charge or pre-auth clears, the card-checking service issues a “valid” response for the checked card number.



7
Dec 10

Reintroducing Scanlab (a.k.a. Scamlab)

Many sites and services require customers to present “proof” of their identity online by producing scanned copies of important documents, such as passports, utility bills, or diplomas. But these requests don’t really prove much, as there are a number of online services that will happily forge these documents quite convincingly for a small fee.

Services like scanlab.name, for example, advertise the ability to create a variety of forged documents made to look like scanned copies of things like credit cards, passports, drivers licenses, utility bills, birth/death/marriage certificates and diplomas. In fact, Scanlab boasts that it has a large database of templates — 17 gb worth from more than 120 countries — which it can draw upon to forge scanned copies of just about any document you might need.

When the Scanlab site first surfaced in 2008, it was a fairly bustling place and had a decent number of clients. That is, until not long after I wrote about them in August 2008, when the site just vanished for some reason. The service reappeared this summer, but it’s tough to tell whether Scanlab 2.0 attracts much business. Maybe that’s why they’re now running Flash banner ads like the one below, which was taken from a popular underground hacker forum.

Scanlab-created Missouri drivers license.

Scanlab created this scan of a fake Missouri drivers license — shown here with the picture and made-up personal details of Wikileaks founder Julian Assange — using a photo from Google images, so the quality could certainly be better. But it’s probably enough to pass for a scan of a real ID for most online services that might ask for one as proof of identity.

Scanlab is definitely targeting a very specific type of clientele. This ad invokes the names of two of the most famous “carders,” individuals engaged in theft and sale of stolen credit cards and identity documents: Vladislav Anatolievich Horohorin, 27 — mentioned in this ad by his nickname “BadB”; and Dmitry Golubov, a carding forum administrator who later started his own political party in Ukraine.

And, like most online services that cater to carders, this one does not accept credit cards: Payments are made through WebMoney, a virtual currency popular in Eastern Europe and Russia.
