PCI DSS and Regulatory Compliance Blog

Where does all the data go? - Hacker Underground

June 29th, 2008 Posted in Credit Card Fraud

These days I have been thinking and researching the great question of “Where does all the data go?” We read about data compromises in the news and hear about large fines and penalties geared towards corporate America (or “end users” as @cmlh likes to call them.) But what happens to that data after it’s stolen, lost, or ‘exposed’? What happens in the hacker underground, and how is it frighteningly similar to the US housing market crash? Why do hackers wait before selling off their stolen data? Why does this give us time to prepare? And what is the ROI of reporting data compromises? I’ll be creating several blog posts and podcasts on this very topic.

The carder underground is not too dissimilar to the e-commerce marketplaces we use such as eBay. You see, once a hacker can compromise credit card data (we’ll get to how very shortly), they want to monetize this data. But who would trust someone who is selling illegal information in a digital format? If they are a thief, then what keeps them from selling the same data to multiple people and making even more money? Well, how do you know who to buy from on eBay? Reputation! That’s right, carders would give each other feedback online to build their reputation. This enabled people to know who the reputable hackers were and which were not (if that’s even possible to say.)

Historically carders would sell their wares brazenly via online websites such as Boa Factory, CardersMarket, and ShadowCrew. These A-list credit card trading centers gave rise to hundreds of smaller sites such as TheftServices, CCPowerForums, ScandinavianCarding, DarkMarket, DarkPay, and The Grifters.

Boa Factory was run by Roman Vega, a Ukrainian national, presently in jail in California. He was king of the underground, making large amounts of money selling passports, travelers checks, plastic cards, and “dumps” (what hackers call Track or Magnetic Stripe Data). Roman operated unlike all others in that he subcontracted work to lawyers, botnet owners, hackers, traffickers, and carders.

Shadowcrew was a similar operation but operated as a message board for hackers to trade and exchange illegal credit card information such as “dumps”, CVV2 numbers, social security numbers (SSN), and much more. A hacker with the handle of Iceman ran the bulletin board and policed the illegal activities. Another member of that board, David Thomas (aka ElMariachi), disliked the operation and broke off, forming another site called The Grifters. Iceman and ElMariachi disliked each other in ways never imagined. (You can read their banter back and forth in the comments section here. You can read even more about this via a compilation of news articles from CanWest News Service.)

Once law enforcement took down one message board another would pop up, and the carders and buyers would migrate their operations.  CardersMarket was the largest of the last online carder forums.  It was run by, you guessed it, Iceman.  When the police took down CardersMarket they arrested Iceman (aka Max Ray Butler, Max Vision, Digits, Aphex.)

Law Enforcement (LE) quickly caught on and started shutting down each of these online sites. They defaced sites such as ShadowCrew, telling the hackers they had taken over the website and would not permit this fraud. Sadly, not all hackers are very smart, and some thought it was just a joke. They kept emailing the Secret Service asking for the stolen cards they had ordered. Instead of credit cards they received jail time.

These days the online message boards have all but disappeared, with the carders moving to older technology as their last resistance against law enforcement. Carders exist in a low-tech world without borders. They exchange credit card data on IRC (Internet Relay Chat) channels that have a tiered structure based on your level of access.

Now that we have identified the ‘carders’ of the underground, the next article in this series will focus on the actual flow of credit card data - from the POS to the point of monetization.  We will also explore how this channel is similar to the current housing market and why prices are so low.  Stay tuned.

8 Responses to “Where does all the data go? - Hacker Underground”

  By more info please on Jul 18, 2008

    I have researched these scammers after I was the victim of identity theft two years ago. There is one major online board left. Its address is http://www.darkmarket.ws and it was around long before cardersmarket. But it’s restricted access. I’d love to see what those thieves are doing now.

  By Not Known on Aug 3, 2008

    what do you think? they are making money LOL

  By Uncle Bob.. on Aug 5, 2008

    The past is prologue..

    http://www.darkoperations.net

  By Uncle Bob.. on Aug 5, 2008

    (If they are a thief then what keeps them from selling the same data to multiple people and making even more money?)

    This has been done since the beginning of the carder boards. Many people sell data over and over, which is why so many victims are re-victimized over and over again. If you are a thief, why sell data only once? The thieves figure to make as much money as they can off of every piece of data they receive. An average carder is not going to know the difference unless it is a credit card - which would show as stolen when they check it before use. Standard informational data is re-sold over and over until fraud alerts are placed in a file, and then a carder would know the data is not workable, but only after it’s been sold a hundred times to a hundred different people.

    (Well, how do you know who to buy from on eBay? Reputation!)

    Hardly. These days a rep is nothing short of a signal that you are probably an LE plant. Not only that, reps are made via reviewers on the boards that are usually LE agents or Security people who are in positions of power on a board. Therefore if someone wants a review, he is reviewed usually by an LE agent or Security agent in disguise on the board. Which is why not all products get reviewed. If your product is average or plain jane, no one will review you. The only people that get reviewed these days are those who have products which LE or Security sees as something they wish to investigate.

    (That’s right carders would give each other feedback online to build their reputation.)

    This is not usually a method which can work these days, as security companies can come in and ruin a real reputation with a Sybil attack where they create nicks to defuse a vendor’s reputation just because they can, or to keep the data from flowing to channels they feel it shouldn’t flow towards. A vendor today has many obstacles to selling the data he has, and that is just one of them.

    (Historically carders would sell their wares brazenly via online websites such as Boa Factory, CardersMarket, and ShadowCrew. These A-list credit card trading centers gave rise to hundreds of smaller sites such as TheftServices, CCPowerForums, ScandinavianCarding, DarkMarket, DarkPay, and The Grifters.)

    Most of the above boards outside of Carderplanet have been LE boards or boards in which LE had a major stake. The Darkmarket.ws board is one of the last-man-standing boards that stands out because it is amongst every other board you quoted that later proved to be in LE’s pockets. Doesn’t matter which LE, could be Canadian, Russian, USA, ICE, Postal Inspection etc. The fact that all of the boards so far mentioned have either been run by or had LE in upper level positions makes Darkmarket.ws the last hold out as to whether it too is also compromised or run by LE as well.

    (Boa Factory was run by Roman Vega, a Ukrainian national, presently in jail in California.)

    Wrong. He is in New York. He was transferred there long ago when California gave him a release for time served based upon his plea agreement with authorities there. Just as he was to go home, New York indicted him for the same exact thing as he was charged with in California, only adding a few extra charges to make it impossible for him to be released. He then had to scuttle his California plea deal and now faces the man all the way, both in California and now in New York, making his release almost impossible into the foreseeable future.

    (He was king of the underground making large amounts of money selling passports, travelers checks, plastic cards, and “dumps” (what hackers call Track or Magnetic Stripe Data). Roman operated unique to all others in that he subcontracted work to lawyers, botnet owners, hackers, traffickers, and carders.)

    The funny thing about what he did was that he attracted the real scene people, you know, those straight guys who are straight only because they haven’t been caught doing anything yet. That is the difference between those who say they are law abiding citizens - when in fact they are only that way until they get caught doing something illegal. The line between straight people and criminals is definitely a small microscopic line.

    (Shadowcrew was a similar operation but operated as a message board for hackers to trade and exchange illegal credit card information such as “dumps”, CVV2 numbers, social security numbers (SSN), and much more. A hacker with the handle of Iceman ran the bulletin board and policed the illegal activities.)

    Wrong. Iceman ran Cardersmarket.com. Shadowcrew was run by in order of appearance:

    Kidd (Richard Stiles)(Security guy who founded the site and was never prosecuted)

    Macgyver (Kim Marvin Taylor)

    Gollumfun (Brett Johnson)(Secret Service informant)

    OTF (Kenneth Fluery)(Later an ICE informant)

    MR X (Secret Service informant)

    Theallseeingphantom (Jeff Duffet)

    Decepgal (Diane Avery)

    Deck (Andrew Mantovani)

    Agrivan (Name Unknown)

    Black Ops (David Appleyard)

    and a few other lesser known people, all in the Firewall indictment.

    (Another member of that board David Thomas (aka. ElMariachi) disliked the operation and broke off forming another site called The Grifters.)

    Wrong. Thegrifters was formed in 2003 while Cardersmarket was formed in late 2005-2006 area of time. Before you write something please check your facts which are available on google free of charge. When you post this type of information it adds to the dis-information already out there - which only serves to confuse and confound the public at large as to what really goes on or what really happened.

    Remember, one textual mistake as the above causes another round of what really happened to start. Get it right the best you can and try as hard as you can to check your facts which are freely available to anyone who truly wants to check them before you post them. If you are this bad on the surface, you only make your blog look useless down the road to those who depend on PCI compliance and everything you say being accurate and true. If you are so wrong above, then what else are you wrong about that you post? I think you get my point.

    (Iceman and ElMariachi disliked each other in ways never imagined.)

    You got that right. It was intense hatred - and still continues to this day. He wants to piss on my grave and I want to piss on his. I am an old man - and he is a youngster in prison working his way through the Virginia prosecutors office at the moment trying to see if he can get a softer sentence for his past crimes and get out early enough to piss on my grave before I can piss on his in prison. Wonder who will get to piss first?

    Stay tuned as you are wont to say in your blog…

    (You can read even more about this via a compilation of news articles from CanWest News Service.)

    That was the Cybermobs story and had nothing to do with Iceman, Cardersmarket or anything else other than Shadowcrew.

    If you want to read anything about that series of incidents on Cardersmarket in the news you can read the USA today article on Iceman which I had been sourcing that low life Byron Achido or whatever his name was.

    (Once law enforcement took down one message board another would pop up, and the carders and buyers would migrate their operations. CardersMarket was the largest of the last online carder forums. It was run by, you guessed it, Iceman. When the police took down CardersMarket they arrested Iceman (aka Max Ray Butler, Max Vision, Digits, Aphex.))

    And many others along the way. Matter of fact when they closed down CM they (LE) were the ones to turn out the lights. By that time there was hardly anyone left to arrest on Cardersmarket, so the operation was closed and Iceman was finally removed.

    (Law Enforcement (LE) quickly caught on and started shutting down each of these online sites.)

    Not true. The boards continue to pop up, but no one believes in them anymore - other than lame kiddy carders who think that their board is the next one to take over. LE never shutters a site that has a program; the only ones that get shut down are those that are NOT a part of the program, leaving the ones up that LE has a large hand in operating, supporting or otherwise gaining enough arrests from. However these boards are very limited these days, and soon it will be over, with the closure of Darkmarket.ws as the last of those boards finally closing down the carding scene as it was from 2002-200?.

    (These days the online message boards have all but disappeared with the carders moving to older technology as their last resistance against law enforcement.)

    And pray tell what older technology are you speaking of? They haven’t disappeared, they were taken over by hacker boards who control all of the information they get now - and none of them leak that info to some lame carders, as carders are thought of now as low life lamer wannabees.

    (Now that we have identified the ‘carders’ of the underground, the next article in this series will focus on the actual flow of credit card data - from the POS to the point of monetization. We will also explore how this channel is similar to the current housing market and why prices are so low. Stay tuned.)

    The prices are low because demand is soft because everyone has been arrested and/or gets arrested very quickly, leaving the scene dead as a doorstop. The other reason is because security is now at an all time high in the retail sector, and all the old ops of the past are now dead because of it. Security companies have closed almost every major hole in the ops of the past, leaving only skimming and sniffing data trails from open ports on major retailers’ POS as the last bastion of fraud that is left to make money from. When that is closed up, there will probably be an end to online fraud, unless someone comes up with a newer or better way for everyone to make money. If a new way is not brought out, it will finally die - and the result will be massive layoffs in the security industry when the flow of information dries up and the threat level tones down. Of course 5 years after that it will spring back up, but until then a lot of people are going to be looking for work, and a lot of security people won’t find it. I can say this, it’s going to be a reverse of the boards now in the security sector. If you think that your job is safe, think again; people eventually catch on to the scams of fear - and when they do, you guys will be out on your asses quicker than all the boards went down.

    As you said, stay tuned…

  By Michael Dahn on Aug 8, 2008

    @Uncle Bob, thank you very much for the detailed comment you left. I appreciate that you can update and correct the information provided. If you have more information to add please do and continue to check back frequently.

  By E. Allen on Aug 14, 2008

    “Uncle Bob”
    You have made many posts across a lot of blogs and websites, and you always post the same semi-truths.
    You should preface your posts with the admission that you are “El Mariachi” otherwise known as David Renshaw Thomas, and one of those criminal carders mentioned in the news reports detailing the shadowcrew arrests. Calling out other cyber-crooks and pointing fingers at them doesn’t make what you did (and do) any less kosher. David Thomas did a stint as an FBI informant, from what I have gathered following the case of Shadowcrew. Clearly, the FBI has a horrendous lack of concern regarding their informants undermining investigations or continuing to run their scams. I’ve read that of the actual informants, two have been charged for committing crimes while working for the police. These informants/cybercrooks are:
    Brett Shannon “Gollumfun” Johnson - http://www.wired.com/politics/law/news/2007/06/secret_service
    Albert “Segvec” Gonzalez - http://blog.wired.com/27bstroke6/2008/08/11-charged-in-m.html
    and http://seattletimes.nwsource.com/html/nationworld/2008107034_hack12.html

    You, Mr. Thomas, are also a paid informant by your own admission, and have been canvassing many blogs and websites posting your revised version of your own personal history and criminal involvement with these websites. I believe, sir, you should apologize for the thefts and crimes you committed prior to your arrest rather than attempting to downplay your culpability.

  By E. Allen on Aug 18, 2008

    El Mariachi, or should I say David R. Thomas, you are one of the lowest kinds of identity thieves around. You took your share of stolen money, when you were caught stealing and carding. Did you EVER apologize to the victims from your crimes? No? Then die and shut up already, thief.

    When you want to post names of informants, don’t post your worthless disinformation, post the REAL informants (and practicing identity thieves): You, Decepgal (Diane Avery), Voleur (Omar Dhanyani, who was busted for money laundering on February 27, 2003, then was “hand-picked” by Gonzalez (Cumbajohny) to be the official egold-cash money changer on Shadowcrew), then there’s the cop Lord Cyric. Post their names, why don’t you?

    Post how you got your close friend John Dillinger busted. Funny how anyone and everyone that got close to you, even if they WEREN’T committing crimes but only chatting with you got busted.

    You fed the cops as much bullshit as you have been feeding these blogs and message forums.

  By haskill on Aug 19, 2008

    There is a factual error in Thomas’ report over the formation of the “thegrifters.com” website. He did not start it after disagreements with or disliking Iceman; thegrifters.com was established by the FBI as a sting operation. “El Mariachi” was just a paid informant.
