Russian law enforcement have apprehended 25 people as part of an investigation to wipe out a network of illegal online platforms that supported the illicit buying and selling of payment cards and stolen personal information.
The Federal Security Service (FSB) arrested more than two dozen people, among them Russian nationals and foreigners, who have allegedly been masterminding a digital identity theft racket via the dark web.
It is reported that the cybercriminals operated a dark web marketplace called BuyBest/GoldenShop, and several other mirror websites that facilitated the illicit trade.
According to a Russian court document, a threat intelligence firm had issued an alert on the cybercriminal ring that identified the accused hacker Alexey Stroganov (alias Flint24) as being among the arrested individuals.
Apart from running dark web sites, it is alleged that Flint24 and his counterparts operated online shops on the surface web, including wuzzup[.]com and dumpsmania24[.]com.
Highlighting how big a role the 25 people played in sustaining a cybercriminal underworld, investigators discovered that the arrests had become a hot topic across Russian-language cybercriminal platforms.
The defendants arrested by Russian authorities included Ukrainian and Lithuanian nationals spread across 11 Russian regions. In material terms, the arrests led to searches that yielded about $1 million in cash, 3 million rubles, gold bars, devices such as computers and servers, guns, and fake IDs including Russian and government identification documents.
The Dark Web Marketplace
According to the FSB, the arrested persons ran about 90 mirror sites associated with BuyBest – pages that served to keep the platforms operational in the event that the main website was taken down by authorities or hackers. Specifically, a host of sites with names such as “BuyBestCC” and “BuyBestBiz” became conduits for the movement of stolen personal data. Detectives also found out that the criminals promoted their services on another platform called CarderBazar.
Reflecting on the FSB’s takedown of the BuyBest platform along with its mirror sites, Gemini Advisory (a New York-based fraud intelligence company) confirmed that BuyBest/GoldenShop had gone offline. At this point, cached pages can still be accessed online; they promote databases of payment cards, including debit PIN numbers that most cybercriminals struggle to acquire.
In terms of market activity, Gemini Advisory wrote that the BuyBest/GoldenShop platform was created in 2013 and had so far been a highly profitable venture for its operators. The firm estimates that in the 7 years since its creation, the entire enterprise garnered $70 million – about $18 million being remitted to the platform’s owners, and about $52 million earned by the market’s suppliers of stolen data.
Over time, BuyBest/GoldenShop became a leader in the trade of phished data, including Social Security Numbers (SSNs), dates of birth (DOBs) and people’s IP addresses. By the time the Russian authorities descended on the platform, BuyBest had managed to sell millions of stolen card records – with some of the stolen records being tied to breaches like the 2018 data security case that hit Caribou Coffee.
A Rare Operation
Concerning the latest developments, the Russian law enforcement operation comes as a surprise – it is rare for the country’s law enforcement agencies to target cybercriminals within its borders. Typically, Russian authorities have been reluctant to prosecute cybercriminal cases involving their citizens as long as they target foreign victims.
It is on record that the Kremlin has always tried to prevent the extradition of Russian citizens accused of cybercriminal acts targeting international destinations. It can be inferred that this stems from the historical fact that the Russian legal system has engaged in prolonged extradition battles. In fact, it is believed that the FSB has coordinated its operations with Russian scammers to boost Russian intelligence by accessing hacked American systems.
The reasons behind the decision by Russian law enforcement to act on this group of hackers (and not others) are still a mystery, considering that Stroganov was not a newbie in the game – he was an active member of several top-level Russian marketplaces, operating websites specializing in credit fraud and other forms of cybercrime.