Carding Forum
List Home Register Members Calendar Faq

card fraud , cardingmafia , carding board , darknet forum , carding best buy , carding sites , dump+pin , carding bitcoin , darknet markets , carding bins , credit card fraud , darkweb , free stuff , fraud , alphabay , carding mafia , atm fraud , carders forum , cardmafia , cvv shop , atm skimmers , carding tutorial , carding amazon , emv chip dumps , carding airbnb , carder cc , dumps shop , carding cashout , cvv shop , cvv store , cc carding free , carderpro , credit cards cvv , carding deep web , carder forum , credit cards cvv2 , black market , dumps , carding gift cards , dumps with pin , carder007 , carding bank transfer , cvv2 , rescator , buy dumps , carderspro , buy credit cards , carder su , black markets , carder amazon , dumps with pin for sale , carding dumps , fresh stuff , dumps 101 , cc carding sites , dumps 201 , dumps+pin , carding forum 2018 , free dumps , free cc cvv , buy dumps with pin


Go Back   Csu.Lu - Underground Black Market Carding Forum > English-speaking carders > Carding News
Members List Search Today's Posts Mark Forums Read

Carding News News about carding and carders.

Reply
 
Thread Tools
Old 12-02-2018, 05:51 PM   #1
DarkNet
Super Moderator
 
Join Date: Oct 2009
Posts: 437
Reputation: 134
Post U.S. Arrests 13, Charges 36 in Infraud Cybercrime Forum Bust

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of Infraud, a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested.


A screenshot of the Infraud forum, circa Oct. 2014. Like most other crime forums, it had special sections dedicated to vendors of virtually every kind of cybercriminal goods or services imaginable.

Started in October 2010, Infraud was short for In Fraud We Trust, and collectively the forum referred to itself as the Ministry of Fraudulently [sic] Affairs. As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software.

Todays indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice, said John P. Cronan, acting assistant attorney general of the Justice Departments criminal division. As alleged in the indictment, Infraud operated like a business to facilitate cyberfraud on a global scale.

The complaint released by the DOJ lists 36 Infraud members some only by their hacker nicknames, others by their alleged real names and handles, and still others just as John Does. Having been a fairly regular lurker on Infraud over the past seven years who has sought to independently identify many of these individuals, I can say that some of these names and nick associations sound accurate but several do not.

The government says the founder and top member of Infraud was Svyatoslav Bondarenko, a hacker from Ukraine who used the nicknames Rector and Helkern. The first nickname is well supported by copies of the forum obtained by this author several years back; indeed, Rectors profile listed him an administrator, and Rector can be seen on countless Infraud discussion threads vouching for sellers who had paid the monthly fee to advertise their services in sticky threads on the forum.

However, Im not sure the Helkern association with Bondarenko is accurate. In December 2014, just days after breaking the story about the theft of some 40 million credit and debit cards from retail giant Target, KrebsOnSecurity posted a lengthy investigation into the identity of Rescator the hacker whose cybercrime shop was identified as the primary vendor of cards stolen from Target.

That story showed that Rescator changed his nickname from Helkern after Helkerns previous cybercrime forum (Darklife) got massively hacked, and it presented clues indicating that Rescator/Helkern was a different Ukrainian man named Andrey Hodirevski. For more on that connection, see Whos Selling Cards from Target.

Also, Rescator was a separate vendor on Infraud, and there are no indications that I could find suggesting that Rector and Rescator were the same people. Here is Rescators most recent sales thread for his credit card shop on Infraud dated almost a year after the Target breach. Notice the last comment on that thread alleges that Rescator had recently been arrested and that his shop was being run by law enforcement officials:

Another top administrator of Infraud used the nickname Stells. According to the Justice Department, Stells real name is Sergey Medvedev. The government doesnt describe his exact role, but it appears to have been administering the forums escrow service (see screenshot below).

Most large cybercrime forums have an escrow service, which holds the buyers virtual currency until forum administrators can confirm the seller has consummated the transaction acceptably to both parties. The escrow feature is designed to cut down on members ripping one another off but it also can add considerably to the final price of the item(s) for sale.

In April 2016, Medvedev would take over as the admin and owner of Infraud, after he posted a note online saying that Bondarenko had gone missing, the Justice Department said.


One defendant in the case, a well-known vendor of stolen credit and debit cards who goes by the nickname Zo0mer, is listed as a John Doe. But according to a New York Times story from 2006, Zo0mers real name is Sergey Kozerev, and he hails from St. Petersburg, Russia.

The indictments also list two other major vendors of stolen credit and debit cards: hackers who went by the nicknames Unicc and TonyMontana (the latter being a reference to the fictional gangster character played by Al Pacino in the 1983 movie Scarface). Both hackers have long operated and operate to this day their own carding shops:


Unicc shop https://unicc.name , which sells stolen credit card data as well as Social Security numbers and other consumer information that can be used for identity theft.
The government says Uniccs real name is Andrey Sergeevich Novak. TonyMontana is listed in the complaint as John Doe #1.

TonyMontanas carding shop.
Perhaps the most successful vendor of skimming devices made to be affixed to ATMs and fuel pumps was a hacker known on Infraud and other crime forums as Rafael101. Several of my early stories about new skimming innovations came from discussions with Rafael in which this author posed as an interested buyer and asked for videos, pictures and technical descriptions of his skimming devices.

A confidential source who asked not to be named told me a few years back that Rafael had used the same password for his skimming sales accounts on multiple competing cybercrime forums. When one of those forums got hacked, it enabled this source to read Rafaels emails (Rafael evidently used the same password for his email account as well).

The source said the emails showed Rafael was ordering the parts for his skimmers in bulk from Chinese e-commerce giant Alibaba, and that he charged a significant markup on the final product. The source said Rafael had the packages all shipped to a Jose Gamboa in Norwalk, Calif a suburb of Los Angeles. Sure enough, the indictment unsealed this week says Rafaels real name is Jose Gamboa and that he is from Los Angeles.

A private message from the skimmer vendor Rafael101, from on a competing cybercrime forum (carder.su) in 2012.
The Justice Department says the arrests in this case took place in Australia, France, Italy, Kosovo, Serbia, the United Kingdom and the United States. The defendants face a variety of criminal charges, including identity theft, bank fraud, wire fraud and money laundering.
DarkNet is offline   Reply With Quote
Reply

Bookmarks

Tags
andrey hodirevski , helkern , infraud , infraud forum , john p. cronan , jose gamboa , rafael101 , rector , rescator , sergey kozerev , sergey medvedev , stells , svyatoslav bondarenko , target breach , tonymontana , unicc , zo0mer


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 06:54 PM.