Another large cybercrime forum appears to be biting the dust.
Joker’s Stash, believed to be the world’s largest online carding store (a cybercrime forum for selling and buying stolen credit card data), plans to go offline forever on Feb. 15. The site, which was originally founded in 2014, was a hub for troves of stolen card data.
“Joker goes on a well-deserved retirement. Joker’s Stash is closing…It’s time for us to leave forever,” the site’s operator wrote in a forum post last week. “When we opened years ago, nobody knew us. Today we are one of the largest cards/dumps marketplace[s].”
The supply chain for carding stores like Joker relies on large data breaches, usually sourced from hacks involving point-of-sale software for large retail or merchandise outlets. (A good example is Hy-Vee, a popular Midwestern supermarket chain whose payment processing systems were disastrously hacked in 2019.) Once stolen, the data is subsequently sold to a forum like Joker, and site operators post the data in what is called a “dump,” a large, monetized cache. Buyers, also known as “carders,” typically will then turn around and use the data to clone a card or multiple cards, which can then be used to make illegal bulk online purchases that can be re-sold for a net profit. Carders may also re-sell the “dump” that they’ve bought.
Joker’s Stash was one of the most lucrative of such carding stores (it’s estimated to have generated over a billion dollars in bitcoin during its term). Yet, while carding trends soared over the past year, the Joker’s criminal enterprise suffered fiscal setbacks. In 2020, customers apparently complained about the “decline in quality” of the site’s stolen data, with concerns raised regarding the validity of the posted information. The site’s operator also apparently contracted covid-19, according to a post on the site’s forum in October.
Then, on Dec. 17, an apparent raid by authorities saw several of the carding site’s servers seized, temporarily shutting down the illicit business. Though Joker rallied (“I am setuping (sic) and moving to the new servers right now, blockchain links will [be] back to work in a few days,” the site’s operator said at the time), though he apparently then decided to cash out his chips and go home.
While Joker may be stepping down, the site’s demise is expected to have a net-zero effect on the criminal enterprise that undergirded it, reports Gemini Advisors, one of the threat research groups that originally reported its closure. This is because resellers of stolen card data are likely to pivot to other large-scale dump forums. The underground payment card economy is “likely to remain largely unaffected by this shutdown,” researchers write.