<div dir="ltr"><a href="https://www.securityweek.com/servers-carding-site-jokers-stash-seized-law-enforcement">https://www.securityweek.com/servers-carding-site-jokers-stash-seized-law-enforcement</a><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><p><strong><font face="arial, sans-serif">The
blockchain domains of Joker’s Stash, a popular underground marketplace
for stolen payment card data, have been seized by law enforcement.</font></strong></p>
<p><font face="arial, sans-serif">On
December 17, the shop’s website displayed an image claiming that the
U.S. Federal Bureau of Investigation and Interpol had seized it.</font></p>
<p><font face="arial, sans-serif">Joker’s
Stash is an automated vending cart (AVC) that had several versions of
the site up and running, including blockchain domains .bazar, .lib,
.emc, and coin, and two Tor (.onion) domains. The takedown attempt,
Digital Shadows reports, only resulted in the .bazar domain becoming
unavailable.</font></p>
<p><font face="arial, sans-serif">What
the two law enforcement agencies apparently managed to do was to seize
proxy servers that were used in connection with the Joker’s Stash
blockchain domains.</font></p>
<p><font face="arial, sans-serif">Following
the action, Joker’s Stash operators decided to take the site down
completely, but took it to Russian-language carding forum Club2CRD to
provide clarifications on the issue, revealing that no “shop data” was
present on the affected server.</font></p>
<p><font face="arial, sans-serif">The
representatives of the carding site also revealed that they were
working on creating new servers to move the site to, promising the
marketplace would be completely functional within days. The Tor versions
of the portal were not affected by seizure.</font></p>
<p><font face="arial, sans-serif">A
decentralized system for top-level domains, Blockchain DNS technology
provides multiple security advantages, but also makes it more difficult
to target domains that use it, as they are no longer regulated by a
central authority.</font></p>
<p><font face="arial, sans-serif">Joker’s Stash, Digital Shadows explains,
has been using Blockchain DNS since July 2017. Following last week’s
action, Joker’s Stash’s blockchain domains (.bazar, .lib, .emc, and
.coin) started displaying a “Server Not Found” error. The Tor domains,
however, remained accessible.</font></p>
<p><font face="arial, sans-serif">“Generally
speaking, if the Joker’s Stash takedown was a coordinated law
enforcement operation, it’s likely that the law enforcement banner would
remain in place to demonstrate that other Blockchain DNS services
aren’t untouchable. On the other hand, it’s possible that law
enforcement thought they had taken the entire Joker’s Stash service
offline, rather than just one component, and quickly removed the banner
after finding out that this was not the case,” Digital Shadows points
out.</font></p>
<p><font face="arial, sans-serif">Intel
471’s security researchers believe that, provided that law enforcement
indeed seized Joker’s Stash servers, the marketplace would be able to
quickly restore its services.</font></p><p><font face="arial, sans-serif">“It’s
apparent that major intrusions resulting in valuable stock for sale
across his shop has taken a bit of a dive over the last year. This could
be a result of many things, from the pandemic to the massive shift of
many cybercriminals to ransomware, where significantly less effort can
lead to marginally higher profits,” Intel 471 VP of Intelligence Mike
DeBolt commented. </font><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva"><br></span></span></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>