On September 26, the Department of Justice announced the indictment of two Russian nationals who were charged with operating two of the largest cybercrime carding shops, Joker’s Stash and its competitor Rescator.
Until its voluntary closure in early 2021, Joker’s Stash was the internet’s biggest card shop. It was a large underground repository for stolen credit cards and data sourced from online and physical transactions—both card-not-present (CNP) and card-present (CP) transactions. Joker’s Stash obtained stolen card data from major retail and restaurant chain breaches. The shop also had an extensive collection of personally identifiable information, including social security numbers.
Rescator was a long-running brand of cybercrime markets that has operated since 2014, with some service interruption from about 2019 until late 2021. Prior to setting up their dedicated shop, Rescator advertised card dumps on other forums as early as January 2013. Rescator’s shops have been tied to several high-profile credit card breaches.
Russian national Timur Kamilevich Shakhmametov (aka “JokerStash,” “Vega,” “v1pee,” “vip,” and “ViperSV”) created and operated now-defunct Joker’s Stash. Ivanov allegedly provided payment processing support for the Rescator card shop through the UAPS and PinPays services for purchases made on the site using Bitcoin.
Russian national Sergey Sergeevich Ivanov (aka “Taleon,” “UAPS”) created and operated payment services PM2BTC, PinPays, and UAPS, which provided money transfer services to cybercriminals. According to the indictment, Ivanov operated UAPS since at least May 2013, advertising across multiple dark web forums. Ivanov additionally operated Rescator.
Shakhmametov and Ivanov are accused of conspiring to commit bank fraud, access device fraud, and money laundering. The defendants allegedly facilitated the sale of millions of stolen payment cards, with estimated profits ranging from $280 million to over $1 billion.
This indictment against Shakhmametov and Ivanov represents a significant case in the ongoing fight against cybercrime, particularly in the realm of financial fraud and money laundering. The charges reflect the scale and sophistication of the alleged criminal enterprise. By targeting both the infrastructure (UAPS, PinPays, PM2BTC) and the marketplaces (Rescator, Joker’s Stash), the prosecution is addressing multiple layers of the cybercriminal ecosystem.