Russia’s law enforcement has blocked major dark web sites, including the market leader in carding. The platforms were seized as part of ongoing investigations into hacking groups, with Russian authorities stepping up efforts to break up the cybercrime rings and detain their members.
The Russian Interior Ministry has launched an investigation into the market for stolen credit cards.
According to blockchain forensics firm Elliptic, the Russian Federation’s Ministry of Internal Affairs (MVD) has taken down four prominent dark web websites. Directorate “K,” the MVD’s unit that combats computer-related crime, has blocked the sites.
According to the report, the seized platforms include the Sky-Fraud forum, Trump’s Dumps, UAS Store, and Ferum Shop, which became the leading market for stolen credit cards after the largest marketplace in the niche, Unicc, was taken offline in January.
Elliptic estimates that the sites made more than $263 million in crypto sales denominated in bitcoin (BTC), ether (ETH), and litecoin (LTC) before being shut down. Ferum accounts for the majority of that amount, with $256 million in bitcoin, or 17% of the carding market.
Trump’s Dumps, another website that distributes compromised card data, is said to have made $4.1 million since its inception in 2017. Both sites were promoted on the Sky-Fraud forum, where carding techniques and money laundering advice were popular topics. Directorate “K” appears to have left a message in its source code that reads, “Which one of you is next?”
The fourth website that was blocked, UAS Store, was a platform that sold stolen remote desktop protocol credentials, which cybercriminals used to gain access to victims’ accounts from other devices. As more employees work from home due to the Covid-19 pandemic, these breaches have increased. UAS Store has made approximately $3 million in cryptocurrency since late 2017.
Elliptic points out that the most recent seizures occurred after the previous top carding marketplace, Unicc, and its affiliate proxy market Luxsocks, became inaccessible in mid-January. The seizures also came after the Russian Federal Security Service (FSB) apprehended Unicc’s suspected administrator. According to the researchers, the crypto proceeds from the two platforms totaled $372 million.
Meanwhile, the MVD has asked a Moscow court to order the arrest of six unidentified hackers accused of “illegal circulation of means of payment.” It is unclear whether the group is linked to the now-defunct dark web sites. At the request of the U.S., the FSB and MVD busted the notorious REvil ransomware group last month, detaining 14 of its suspected members.