Authorities Seize Proxy Servers That Enabled Dark Web Carding Site
The US Department of Justice (DOJ) and international policing agency INTERPOL allegedly have busted dark web carding site Joker’s Stash. There has been no official statement from either agency, but website visitors are currently met with the message that the site has been seized by INTERPOL and the US Federal Bureau of Investigations (FBI) displayed on a splash screen.
The operator of the site posted on a Russian language carding forum that the site was busted, although has vowed to be back online in a few days.
Previous Joker’s Stash Heists
Joker’s Stash is known for stealing over 30 million payment cards over the course of five months from Philadelphia based convenience store Wawa. The stolen card numbers were posted for sale on the marketplace.
In October 2019, the attackers harvested three million cards from Dickey’s Barbeque Pit POS system. The operators also stole five million payment cards stolen from retailer Hudson’s Bay in 2018.
The proxy servers were downed on 17 December when authorities seized and disabled the proxy servers used to direct users to the .bazar version of the marketplace.
Joker’s Stash consists of several versions of the site. It uses multiple domains including the extensions .bazar, .lib, .emc, and coin, as well as two Tor (.onion) Tor (.onion) variants.
In order to completely halt operations, police would have to find and seize the web servers and not just the proxy servers that help hide them.
What is Joker’s Stash?
Joker’s Stash is an online marketplace known as a carding site. It stands out from other dark web marketplaces because its operators claim that they steal the payment card numbers themselves rather than purchase them from other attackers.
This dark web marketplace sells payment card numbers stolen during data breaches, phishing schemes, and malware attacks. Buyers are able to purchase tranches of credit card numbers. They then use them to shop online or print their physical counterfeit cards. They can then sell the stolen cards or use them to rack up charges.
On a Russian-language forum Club2CRD forum, the operators clarified that the take down only affected the proxy servers pointing to the .bazar domain and that the site was unavailable, according to a post on digital shadows.
What is the purpose of Interpol?
INTERPOOL is an international police organization. Its mandate is to support police efforts of its 194 member countries. INTERPOL investigates serious cases that involve murder, human trafficking, fraud, corruption, drug trafficking, environmental crimes, and money laundering.
Not the Final End of Joker’s Stash
This is not a permanent solution to finally end Joker’s Stash. The FBI and INTERPOL were only able to disable the proxy servers that redirect buyers and sellers to the marketplace. They did not seize the actual web servers themselves. This means that when the hackers that run the site can set up new proxy servers and get themselves back in business.