Cybercriminals are spooked by the sudden disappearance of a number of major dark web markets, leading some to wonder if the time is up for their illegal underground activities.
Cybersecurity Researchers at Digital Shadows analyzed the activity on carding forums – dark web marketplaces where criminals buy and sell stolen credit card information and other personal data – and discovered that customers were discouraged, following a series of seizures and forums that became dark.
This comes at a time when some ransomware affiliates are concerned after an action targeting REvil and other ransomware groups.
In January 2022, a message appeared on a major carding forum stating that the Russian Ministry of Internal Affairs had shut down the site as part of a “special law enforcement operation”. In joint cooperation with US agencies, the Federal Security Service (FSB) of Russia identified suspected members of the hacking group “The Infraud Organization”, including a forum administrator.
A few days later, it was announced that six other suspects had been arrested on charges related to the sale of stolen credit card information, and the same seizure notice appeared on other carding forums.
SEE: My stolen credit card details were used 4,500 kilometers away. I tried to find out how it happened
Other forums appear to have intentionally paused temporarily in what may be an effort to avoid being targeted. “Due to recent events, we are going on vacation for 2 weeks,” said the administrators of a carding site, adding, “Thank you for your understanding! We will be back soon, so don’t worry!” The market did not return and the possibility of obtaining refunds was cancelled.
A major dark web carding market that had been active for nearly a decade also recently shut down – in this case, operators claimed they were retiring, having made enough money.
But the closures and disappearances seem to be having an impact on some users, who are starting to worry.
One described it as “the scariest moment in carding history” and a “nightmare for those involved in this matter”. Another suggested that “at this rate there will be no Russian darknet by the end of the year.”
Others are more convinced that the series of shutdowns is a temporary event and that, as before, other markets will rise to fill the void.
“Some partial restores will take place in a few days or weeks,” said one user. Others suggest the future of carding will shift to other platforms, such as Telegram – although not all users trust the instant messaging service.
The shutdowns have led to discussions about operational security, as some forum members fear they will also be shut down. “Hard times have arrived. Take care and remember your safety,” one user said. “EVERYTHING has changed, go on vacation!” warned another.
Shutdowns and takedowns make it more difficult to engage in cybercriminal activity, but there will likely always be some that will continue, seeing the risk as worthwhile because of the money that can be made.
“It seems unlikely that cybercriminals will do what some forum users joke and go to work in the ‘factories,'” the Digital Shadows researchers said. “We saw a menacing actor comment that while it would be a ‘good time’ if ‘someone wanted to retire for a long time’, the card world would be ‘ok for the rest of the hard workers’.”
LEARN MORE ABOUT CYBERSECURITY