1980s–1999 Since the 1980s in the days of the
dial-up BBSes, the term
carding has been used to describe the practices surrounding credit card fraud. Methods such as "
trashing", raiding
mail boxes and
working with insiders at stores were cited as effective ways of acquiring card details. Use of
drops at places like abandoned houses and apartments or with persuadable neighbors near such a location were suggested.
Social engineering of
mail order sales representatives are suggested in order to provide passable information for
card not present transactions. Characters such as "The Vindicator" would write extensive guides on "Carding Across America",
burglary,
fax fraud, supporting
phreaking, and advanced techniques for maximizing profits. During the 1980s, the majority of
hacker arrests were attributable to carding-related activities due to the relative maturity of financial laws compared to emerging computer regulations. The severity of the crackdown was so much that the
Electronic Frontier Foundation was formed in response to the violation of civil liberties. In the mid-1990s with the rise of
AOL dial-up accounts, the
AOHell software became a popular tool for
phishing and stealing information such as credit card details from new Internet users. Such abuse was exacerbated because prior to 1995 AOL did not validate subscription credit card numbers on account creation. Abuse was so common AOL added "
no one working at AOL will ask for your password or billing information" to all instant messenger communications. Only by 1997 when
warez and phishing were pushed off the service did these types of attacks begin to decline. One of the first books written about carding,
100% Internet Credit Card Fraud Protected, featured content produced by "Hawk" of carding group "Universal Carders". It described the spring 1999 hack and credit card theft on
CyberCash, the stratification of carder proficiencies (
script kiddie through to professionals) common purchases for each type and basic phishing schemes to acquire credit card data. By 1999, United States offline and online credit card fraud annual losses were estimated at between $500,000 and $2 million.
Operation Firewall In the summer of 2003, separate
United States Secret Service and
FBI investigations led to the arrest the top administrator
Albert Gonzalez of the large
ShadowCrew, turned
informant as a part of "Operation Firewall". By March 2004, the administrator of "CarderPlanet" disappeared with Gonzalez taking over. In October 2004 dozens of ShadowCrew members were busted across the US and Canada. Carders speculate that one of the USSS infiltrators might have been detected by a fellow site member causing the operation to be expedited. ShadowCrew admin Brett Shannon Johnson managed to avoid being arrested at this time, but was picked up in 2005 on separate charges then turned informant. Continuing to commit tax fraud as an informant, "Operation Anglerphish" embedded him as admins on both ScandinavianCarding and CardersMarket. When his continued carding activities were exposed as a part of a separate investigation in 2006, he briefly went on the run before being caught for good in August of that year. In June 2005, the credit card processing company
CardSystems was hacked in what was at the time the largest personal information breach in history with many of the stolen information making its way to carding sites. would only come to the public's attention after stolen cards detected being misused to buy large amounts of gift cards. Gonzalez's 2008, intrusion into
Heartland Payment Systems to steal card data was characterized as the largest ever criminal breach of card data. Also in June 2005,
UK-based carders were found to be collaborating with
Russian mafia and arrested as a result of a
National Hi-Tech Crime Unit investigation, looking into
Eastern European crime syndicates. Some time in 2005, J. Keith Mularski from the
NCFTA headed up a sting into popular English language site
DarkMarket.ws. One of the few survivors of "Operation Firewall", Mularski was able to infiltrate the site via taking over the handle "Master Splyntr", an Eastern European spammer named Pavel Kaminski. In late 2006 the site was hacked by
Max Butler, who detected user "Master Splyntr" had logged in from the NCFTA's offices, but the warning was dismissed as inter-forum rivalry. In 2007 details of the operation was revealed to German national police, that the NCFTA had successfully penetrated the forum's inner "family". By October 4, 2007, Mularski announced he was shutting the site due to unwanted attention from a fellow administrator, framed as "too much attention" from law enforcement. For several years following site closure multiple arrests were made internationally. From 2004 through to 2006, CardersMarket assimilated various rival forums through marketing, hacking databases. Arrested in 2007, in 2010 the site's owner
Max Butler was sentenced to 13 years in prison.
2007–present Since 2007 to present, Operation Open Market, an operation run by the
HIS and the
USSS targeted the primarily Russian language
Carder.su organisation, believed to be operating out of
Las Vegas. US law enforcement shut down Carder.su in 2010. In 2011, alleged site owner
Roman Seleznev was apprehended in the
Maldives by US law enforcement and in 2012, identity thief David Ray Camez was arrested and charged in an unprecedented use of
RICO legislation.
Horohorin Vladislav, identified as BadB in November 2009 in a sealed indictment from the United States attorney's office was arrested in 2010 by
USSS in Nice, France. Vladislav created the first fully automated credit card shop and managed websites associates with stolen credit card numbers.
Horohorin Vladislav is also known for being first cyber criminal to promote his illegal activities by creating video cartoons ridiculing American card holders. In 2011, former
Bulgarian
ShadowCrew member
Aleksi Kolarov (also known as "APK") was finally arrested and held in
Paraguay before being extradited to the United States in 2013 to face charges. In March 2012, the
United States Secret Service took down Kurupt.su, and arrested
David Schrooten (also known as "Fortezza" and "Xakep") in Romania, he was extradited to the United States and sentenced to serve 12 years in federal prison. Primarily for his role in trafficking credit cards he obtained by hacking other hackers. In June 2012, the
FBI seized carding and hacking forums
UGNazi.com and Carders.org in a
sting as a part of a 2-year investigation dubbed Operation Card Shop In August 2013, hacker and carding forum
HackBB was taken down as part of the raid on
Freedom Hosting. In January 2014, fakeplastic.net was closed following an investigation by the
US postal service and FBI, after collating previously seized information from
TorMail,
ShadowCrew and
Liberty Reserve. This led to multiple arrests and prosecutions as well as the site's closure. A 2014 report from
Group-IB, suggested that Russian cybercriminals could be making as much as $680 million a year based on their market research. In December 2014, the
Tor based
Tor Carding Forum closed following a site hack, with its administrator "Verto" directing users to migrate to the
Evolution darknet market's forums which would go on to be the largest darknet market exit scam ever seen. "Alpha02", who was notorious for his guides through, went on to found the
AlphaBay darknet market, the first to ever deal in stolen
Uber accounts. The site is working on rebuilding the damage to the reputation of markets founded by carders precipitated by the
Evolution scam. Meanwhile, most Russian carders selling details do not trust the
darknet markets due to the high level of law enforcement attention; however, buyers are more open. Ercan Findikoğlu, also known as "Segate" and "Predator", with others, led an international conspiracy, stole $55 million by hacking ATM card issuers and making fraudulent cards and was sentenced to eight years in prison by a federal court. Findikoğlu, a Turkish national, with a Russian wife, Alena Kovalenko, avoided capture by obscuring his cyber fingerprints and avoiding the reach of American law, but he went to Germany in December 2013, was arrested, lost a court challenge, and was extradited. Findikoğlu, as a youngster honed his skills in cyber cafes, the Turkish military, and then masterminded three complex, global financial crimes by hacking into credit card processors, eliminating the limits on prepaid cards then sending PINs and access codes to teams of cashers who, within hours withdrew cash from ATMs. In December 2012, 5,000 cashers in 20 countries withdrew $5 million, $400,000 in 700 transactions from 140 New York ATMs, in 150 minutes. Stolen cash was kicked back via wire transfers and deliveries to Turkey, Romania and Ukraine. Vladimir Drinkman, 34, a cohort of
Albert Gonzalez, pleaded guilty in Camden, New Jersey, that he got credit card numbers from Heartland Payment Systems, 7-Eleven, Hannaford Bros, Nasdaq, Carrefour, JetBlue, and other companies from 2005 to 2012. (U.S. v. Drinkman, 09-cr-00626, U.S. District Court, District of New Jersey (Camden)) In February 2018, the
Infraud Organization was revealed.
Contemporary situation In more recent years, Russian language forums have gained dominance over English language ones, with the former considerably more adept at identifying security researchers and
counterintelligence activities and strict invitation systems.
Investigative journalist Brian Krebs has extensively reported on Russian carders as an ongoing game of
cat and mouse.
Carding on Telegram Organised criminals have been flowing en masse to
Telegram - and is used frequently for carding activities. Criminals create their own channels which release stolen bank data - in hope that other criminals will use it and the card will become 'dead'. The purpose behind this, is that numerous markets selling stolen bank card data, offer refunds for cards which are checked and are 'dead' as long as its checked within a given time-frame (usually two minutes). This results in hundreds of channels on Telegram being used to release stolen bank cards. == See also ==