Federal Security Service Shuts Down Russian Credit Card Theft Ring Operating Over 90 Websites to Sell Stolen Payment Card Numbers
Russia’s Federal Security Service (FSB) shut down a massive Russian credit card theft ring that involved an estimated 90 websites used for selling stolen payment cards to hackers. The FSB charged 25 people with circulating illegal means of payment. The Russian credit card fraud ring is believed to some of the biggest data breaches over the past ten years. One of the hackers arrested is reported by Krebs on Security to be one of the largest dealers of hacked credit cards stolen from Western businesses.
The stolen credit card numbers are obtained through data breaches, malware, and cyberattacks on businesses all over the world.
Although the FSB did not release the names of those arrested, hacker Alexey Stroganov, who uses the moniker “Flint” and “Flint24” along with his colleague Gerasim Silivanon were reported by blogger Андрей Споров (Andrey Sporaw) to be among them. In 2006, both Stroganov, and Silivanon were previously sentenced to six years but were release after only serving two years of their sentence.
The Russian credit card theft ring was believed to be operating a network of more than 90 websites (known as carding sites) used to sell the stolen payment cards to buyers. Although the FSB is not releasing details, about 40 websites known to be associated with Stroganov, are dead including httpXX://MrWhite[.]biz. Other carding sites – BingoDumps, DumpsKindgom, GoldenDumps, HoneyMoney and HustleBank – are also down according to Krebs.
According to U.S. law enforcement , Stroganov moved hundreds of millions of dollars through BTC-e which was a cryptocurrency exchange that was seized by U.S. authorities after the feds filed a $100 million USD complaint.
Caches of stolen payment cards were sold in groups of 100,000 pieces at a time. Stroganov was known for hacking banks and businesses within Russia, which is not as well tolerated in Russia as is hacking foreign targets.
How Does Credit Card Theft Work?
Credit card theft happens when a thief steals a payment card – a credit card, debit card, or bank card – and uses it for fraudulent charges. A small-time thief may steal one physical card of skim the card number from an ATM or POS terminal Skilled hackers steal thousands of payment cards at a time in large scale using breaches, malware attacks, phishing emails, and other card skimming tactics. In the case of major data breaches, hackers steal thousands of payment cards and sell them on the dark web to other scammers who cloned the numbers to physical cards and sell them. The original physical card never leaves the rightful owner’s possession.
How Do Hackers Steal Payment Cards?
- Data breaches
- Phishing emails
- Credit card skimmers
- Malware in Point of sale terminals or severs as in the Wawa data breach
- Discarded credit card or bank statements
- Online theft though compromised websites
- Nonsecure web browsers
- Nonsecure WiFi
Warning Signs of Credit Card Theft
Look out for these signs of credit card theft:
- Bills from Accounts You Did Not Open
- Notices of Increased Credit Limits
- Calls from creditors or collection agencies
- Increased Credit Limits on your credit report
- New charges on your bank statements
What is Russia’s FSB?
Federal Security Service of the Russian Federation, or FSB, is the main security agency of Russia. FSB is the successor of the Federal Counterintelligence Service of Russia (FSK) which succeeded the forer Soviet Union’s (USSR) KGB. The FSB is the counterpart of the US Federal Bureau of Investigation (FBI).
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers