Wednesday, April 10, 2013

Historical OSINT - The "BadB International" Cybercrime Enterprise


BadB is the nickname of Vladislav Anatolievich Horohorin, a high profile carder, who eventually got busted in France in 2010. This month, he was sentenced to serve 88 months in prison, ordered to pay $125,739 in restitution, and sentenced to two years of supervised release.

In the wake of these events, I decided to release some raw OSINT data regarding BadB's official Web site, hxxp://badb.biz.


Related URLs: hxxp://badb.biz; hxxp://badb.org; hxxp://dumps.name
Emails: badb4cc@yahoo.com; metaksa_s@yahoo.com; support@agava.com; admin@agava.com; admin@carderplanet.biz
ICQ: 49162552
Phone number: +19522325532 (Working according to BadB in 2009)

IP hosting history for badb.biz from 2005 to 2010 in the format (initial hosting IP -> IP change detected to a new IP):
217.107.212.115 -> 64.202.167.129
64.202.167.129 -> 217.107.212.115
217.107.212.115 -> 217.107.212.9
217.107.212.9 -> 89.108.66.104
89.108.66.104 -> 68.178.232.99
68.178.232.99 -> 89.108.66.104
216.8.177.23 -> 78.109.18.150
78.109.18.150 -> 196.32.222.9
89.108.73.117 - >94.75.221.75
94.75.221.75 -> 92.241.164.92



Sample Abous Us section description from badb.biz:
We are independent e-commerce security investigation group. We are help e-commerce organisations such as Visa, Mastercard, regional processings and other e-commerce structures to understand how vulnerable they are. We are not connected to any crimminal structures, not performing any outlaw actions by ourselves, not selling drugs, not sendinding any spam, not connected to any child porno, not supporting terrorists itselves nor terrorist organisations. If you received any spam from us - this is a fake of our enemies we are never use spam to promote our site. All information you can read here provided "As Is" and only for educational purposes. All articles are copyrighted. If you wish to take any part of information from here - please reffer to origination site. All we do - is we have for sale some dumps, cvvs and cobs - just for experemental purposes of our custommers ;-) We listen and effectively respond to your needs and those of your clients. We are experts at translating those needs into marketing solutions that work, look great and communicate well. Each day brings increased opportunity to increase business in current as well as new. 

This case is a great example of a simple fact - with or without BadB, the market for stolen credit cards data, continued growing throughout the entire 2011. Then in 2012, we witnessed two law enforcement operations, courtesy of SOCA, and the FBI. However, despite these efforts, the market for stolen credit cards data remains as vibrant as always.

Thanks to the standardization taking place in respect to the money mule recruitment process, as well as the nearly identical online shops for stolen credit cards data, those who cannot "cash out" the balances of the credit cards, will choose to risk-forward the selling process to the buyers of the stolen data. The rest, will basically continue looking for more efficient, automatic, and anonymous ways to get access to the stolen money, continuing to rely on money mules of virtual currencies.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

No comments:

Post a Comment