Card Not Present Fraud
,
Cybercrime as-a-service
,
Fraud Management & Cybercrime
US Indicts Russian National Denis Kulkov for Authenticating Stolen Credit Cards
U.S. authorities revealed the Russian man behind a two-decade span of abetting cybercriminals’ theft of credit cards, dismantled his online infrastructure and offered a hefty reward for information leading to his arrest.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Prosecutors say the man, Denis Gennadievich Kulkov, 43, since 2005 ran a service now known as Try2Check that validated which payment card numbers in batches of stolen card data are still active. It appears to have processed tens of millions of card-checking transactions per year.
From his southwestern Russian hometown of Samara and from Moscow, Kulkov most recently charged 20 cents per validation check, according to a three-count criminal indictment unsealed Wednesday. If convicted, Kulkov – aka “Kreenjo,” “Nordex” and “Nordexin” – would face up to 20 years in prison.
The U.S. Secret Service worked with authorities in Germany and Austria to take offline the four domains that resolved to the Try2Check service, including one domain on the dark web. The Department of State said it will pay $10 million for information leading to his arrest. Russia does not extradite its nationals.
“Although Try2Check has competitors, it appears to be one of the most popular websites of its type among cybercriminals,” states Kulkov’s federal indictment. Prosecutors said they don’t know how much money he made over the course of his 1-year criminal career, but it’s at least $18 million. Court documents portray Kulkov as a gleeful spender of money who set up an Instagram account titled as “Dennis Kulkov Ferrari owner” and bought a Land Rover.
Kulkov was able to validate payment cards by masquerading as a legitimate merchant seeking preauthorization charges. In 2018, he set up a Delaware limited liability corporation and sought assistance in gaining an account with a major U.S. payment processing company identified by prosecutors as “Victim-1.”
Much of the case against Kulkov stems from an email address for a combined email and cloud backup service host. A federal judge in 2019 authorized a search of the account. Investigators found screenshots of the Try2Check administrator panel, site users and their bitcoin balance. They also found backup images apparently taken of computers used to operate Try2Check.
The prosecution against Kulkov comes just months after an international law enforcement operation seized WT1Shop, an online marketplace that sold millions of Social Security numbers, payment cards and other credentials. U.S. prosecutors unsealed an indictment against the site’s alleged administrator, a Moldovan man named Nicolai Colesnicov.
Governments have successfully taken down a slew of carding websites over the past year, but experts warn that new fresh alternatives typically debut quickly (see: Darknet Markets Thrive Despite Repeat Disruptions by Police).