Cybersecurity researchers at Digital Shadows have analysed activity on carding forums – dark web marketplaces where criminals buy and sell stolen credit card information and other personal data – and discovered that clients are despondent, following a series seizures and forums going dark.
This comes at a time when some ransomware affiliates have been getting worried after action targeting REvil and other ransomware groups.
SEE: My stolen credit card details were used 4,500 miles away. I tried to find out how it happened
On January 2022, a message appeared on a prominent carding forum stating that the Russian Internal Affairs Ministry had shut down the site as part of a “special law enforcement operation”. In a joint cooperation with US agencies, Russia’s Federal Security Service (FSB) identified alleged members of hacking group “The Infraud Organization,” including someone who served as administrator for the forum.
A few days later, it was announced that six more suspects had been arrested on charges linked to selling stolen credit card information, and the same seizure notice appeared on more carding forums.
Other forums appear to have voluntarily gone on a temporary hiatus in what could be an effort to avoid being targeted. “Due to recent events, we are going on vacation for 2 weeks,” said the admins of one carding site, adding: “Thank you for understanding! We’ll be back soon, so don’t worry!” The marketplace hasn’t returned and the ability to get refunds has been cancelled.
One prominent dark web carding market that had been active for almost a decade has also recently shut down – in this case, the operators claimed they were retiring, having made enough money.
But the shutdowns and disappearances appear to be having an impact on some users, who are starting to get worried.
One described it as “most scary moment in the carding history” and a “nightmare for people involved in this business”. Another suggested that “at this tempo there won’t be a Russian darknet by the end of the year.”
Others are more confident that the string of shutdowns is a temporary blip and that, as previously, other marketplaces will rise up to fill the void.
“Some partial restore will happen in some days or weeks,” said one user. Others suggest that the future of carding will move to other platforms, like Telegram – although not all users trust the instant messaging service.
The shutdowns have led to discussions about operational security, as some forum members fear they could also be arrested. “Hard times have come. Take care of yourself and remember your safety,” said one user. “EVERYTHING has changed, go on vacation!” warned another.
Shutdowns and takedowns make engaging in cyber-criminal activity more difficult, but there’s likely always to be some who will continue on, viewing the risk as worthwhile because of the money that can be made.
“It seems unlikely that cyber criminals will do as some forum users joked and go to work in the ‘factories,’” Digital Shadows researchers said. “We saw one threat actor commenting that, although now would be a ‘great time’ if ‘someone has long wanted to retire,’ the carding world would ‘be ok for the rest of the hard workers.’”
MORE ON CYBERSECURITY
How to keep your bank details and finances more secure onlineDark web carding platform UniCC shuts up shop after making millionsHackers used this software flaw to steal credit card details from thousands of online retailersRansomware: Is the party almost over for the cyber crooks?FBI warning: Scammers are posting fake job ads on networking sites to steal your money and identity