Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Underground Carding Marketplace Joker’s Stash Announces Shutdown

Joker’s Stash, a large underground marketplace for stolen payment card data, has announced plans to shut down operations on February 15, 2021.

The announcement was posted on a Russian-language cybercrime forum and detailed plans to cease all operations “forever.”

Joker’s Stash, a large underground marketplace for stolen payment card data, has announced plans to shut down operations on February 15, 2021.

The announcement was posted on a Russian-language cybercrime forum and detailed plans to cease all operations “forever.”

The representatives of the carding service pointed out that, although the marketplace has become highly popular, the team is getting a “well-deserved retirement.”

“It’s time for us to leave forever,” the announcement reads, according to threat intelligence company Intel 471.

Active since 2014, the marketplace offered card data from a robust network of criminal vendors, with some of the data supposedly exclusive to Joker’s Stash. Data from various high-profile breaches was being offered on the site, including Earl Enterprises.

Underground threat intelligence company Gemini Advisory estimates that “Joker’s Stash has generated more than $1 billion USD in revenue over the last several years.”

The end of 2020 was rough for Joker’s Stash, as it was the target of a takedown attempt after attracting a lot of attention from law enforcement. The service, however, wasn’t fully interrupted.

In mid-December 2020, a message on the Joker’s Stash site informed visitors that the U.S. Federal Bureau of Investigation and Interpol managed to seize the marketplace’s servers, in an attempt to disrupt its activity.

Advertisement. Scroll to continue reading.

However, it turned out that Joker’s Stash, which has been described as an automated vending cart (AVC), had several domains up and running, and the law enforcement takedown attempt impacted only some of them.

Specifically, only the shop’s blockchain domains were affected by the attempt, which allowed operators to continue selling card data unhindered. The site’s representatives also announced at the time they would have no trouble restoring the impacted domains.

Prior to December, however, the shop’s popularity had been fading, after the threat actor who runs the site (who uses the moniker JokerStash) announced he was hospitalized with a COVID-19 infection.

Around the same time, both the volume and quality of Card Not Present (CNP) and Card Present (CP) records offered in the shop started declining, and customers began complaining of that.

In the shutdown announcement, the service’s operator says that all servers and backups will be erased after Feb. 15, but that users will have until then to spend their account balance. He also notes that partners will be paid before the service’s permanent closing.

According to Gemini Advisory, some individuals on the Dark Web speculate that the shutdown might be caused by the FBI detaining JokerStash.

Related: German Police Take Down ‘World’s Largest Darknet Marketplace’

Related: VPN Service Used by Cybercriminals Disrupted in Global Law Enforcement Operation

Related: Collection of South Korean, U.S. Payment Cards Emerges on Underground Market

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.