Image credit: Times of Israel.
Aleksei Burkov, a 29-year-old hacker from Russia, recently pleaded guilty to numerous charges linked to the operation of two illicit online platforms, enabling cybercriminal activities that led to over $20 million in credit card fraud.
Burkov’s first venture was a site named Cardplanet, an online marketplace that facilitated the buying and selling of stolen credit and debit card information. Between 2009 and 2013, Cardplanet amassed approximately 150,000 compromised payment card details, which were priced between $2.50 and $10, based on variables such as card type and geographic location.
This marketplace not only provided stolen card numbers but also included a subscription service for buyers to verify the validity of the cards in real time. Much of the data traded on this platform belonged to U.S. citizens, contributing to substantial fraudulent activities, as indicated in previous statements from the Department of Justice.
Typical methods for acquiring these stolen credit card details included phishing attacks, malicious software infiltrating point-of-sale systems, database leaks, and compromised financial account credentials. The majority of these tactics fall within the MITRE ATT&CK framework, specifically under initial access and credential dumping categories.
Alongside Cardplanet, Burkov operated an exclusive forum that catered to elite cybercriminals. This invite-only platform served as a hub for advertising stolen personal identity information and other illegal services, including money laundering and hacking. To gain access, potential members were required to secure endorsements from existing members and pay a hefty fee, often around $5,000, reinforcing a structure designed to deter law enforcement infiltration.
Burkov’s criminal activities came to a halt when he was apprehended at Israel’s Ben-Gurion Airport in late 2015. After a protracted legal battle and the exhaustion of his appeal rights, he was extradited to the United States in November 2019. Reports reveal that Russia attempted a diplomatic exchange involving one of its citizens in return for Burkov’s release, a proposal that was rejected by Israeli authorities.
Facing charges that encompass access device fraud and conspiracy to commit computer intrusion, among others, Burkov now confronts a potential prison sentence of up to 15 years. The sentencing is scheduled for May 8, 2020, in Alexandria’s federal court.
This case underscores the significant cybersecurity risks faced by business owners today, highlighting the need for robust defenses against tactics such as phishing and credential abuse. As the threat landscape evolves, vigilant monitoring and proactive measures become crucial in safeguarding sensitive financial information and maintaining trust in digital transactions.
