FBI Takes Down Poorly Secured Carders

FBI Takes Down Poorly Secured Carders

Operational Security, or OPSEC, is the very core of running any kind of clandestine operations, be it a government or a criminal organization.  When you fail to secure OPSEC, you are doomed to lose everything.

Which is what happened in a story told by Brian Krebs about an illegal carding site ran by a bunch of guys in New Jersey, North Carolina and Florida and how the FBI put the dots together to bring them down.

Krebs article describes how the website fakeplatic[dot]net was taken down by an investigation by the FBI and U.S. Postal Investigative Service started a year ago. It goes into great detail about how the site was seized from the accused owner, Sean Roberson,  by the U.S. Justice Department.

After which, it started tracking down the main players using the site for illicit activities.


The FakePlastic[dot]net site as of now, owned by the DoJBy discovering an e-mail address used to create tracking numbers for carder purchases, the FBI was able to file a warrant to search that email via Gmail.  Further investigation showed that all e-mails were sent to both the Gmail account and to a TorMail account.

TorMail had previously been subpoenaed by the Justice Department in dealing with a case against child pornographers and it was an easy task of getting access to this new e-mail account because of previous working with the French government.

TorMail is used on the TOR network for anonymous e-mail and it’s servers located in France.

After the take down of the Liberty Reserve virtual currency used by cyber-criminals in the past, fakeplastic switched to accepting BitCoin payments, further evidence was gathered because of communications with BitCoin exchange services found on the Gmail account.

The communication with the exchange showed confirmations of withdrawals made from a certain IP address, apparently the IP of the owner of the Gmail account.

The FBI asked Time Warner, a prominent ISP, for assistance and records for this IP but they claimed that all those records were no longer available.  So instead, they turned to Amazon.com, they noticed that an account existed for Roberson and that the Amazon account and Gmail account both referenced the same purchases.

Further assistance from Amazon was required that led the FBI to positively identify Sean Roberson as the account holder and that he had multiple purchases made for commonly used carding equipment.

Even more additional evidence was found because of an announcement made on the carding site informing users that the administrator was going on vacation and the shop would be closing.  The FBI was able to correlate the vacation activity by Roberson at the same time that the “vacation” was taken by the administrator of the carder site.

I would say this is a ton of evidence against Roberson and based on it, he is most likely going to be found guilty. Along with the other’s associated with him in this carding scheme.

The estimated amount of total loss to consumers because of this carding business was more than $34.5 Million. Which is a conservative estimate according to Krebs.

Let’s hope this style of  taking down cyber criminals continues on the part of the U.S. Justice Department as well as internationally, the biggest mistake any criminal can make is not covering up their tracks well enough because sooner or later someone is going to pick up their scent.

To read more into how this whole bust went down, check out the article by Krebs and/or the press release by the Justice Department.

Thanks for reading and safe surfing!


Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.