WWH-Club credit card market admins arrested after cash spending spree
U.S. law enforcement has arrested two suspected admins of the WWH-Club stolen credit card marketplace after they went on a cash spending spree in Florida.
The suspects are Russian national Pavel Kublitskii and Kazakhstan native Alexandr Khodyrev, who were arrested for their roles as administrators and moderators of the cybercrime platform WWH-Club.
The two men have also had associations with other illicit platforms, including Skynetzone, Opencard, and Center-Club.
As revealed in the arrest affidavit, the two moved to Florida and spent large amounts of cash without providing any evidence of employment, prompting the IRS to investigate.
A cash spending spree
WWH-Club is a cybercrime forum and marketplace that has been operating since 2012 that sells stolen credit cards for use in fraud ("carding"), personal information, and information-stealing malware, and provides training to aspiring cybercriminals.
The platform also operates an escrow service for cybercriminals using a cryptocurrency mixer to obscure the money trace and offers users the option to upgrade to premium accounts for perks.
According to Flashpoint, as of March 2023, WWH-Club had 353,000 registered members, with about one-third of those being active within a sampled 72-hour period.
The marketplace remains operational following Kublitskii and Khodyrev's arrests. Its other administrators acknowledge the two's involvement in the platform but only as moderators.
The two co-conspirators arrived in the U.S. through Florida in December 2022 and requested asylum, which the Department of Homeland Security (DHS) granted.
While neither showed signs of legal employment, they lived an affluent lifestyle and made large purchases of luxury items using cash.
Specifically, Kublitskii opened a Bank of America account with an initial cash deposit of $50,000, rented a luxury house in Sunny Isles Beach, and went on to visit various tourist attractions.
Similarly, the arrest warrant says Khodyrev also showed no signs of employment while living in South Florida and purchased a 2023 Chevrolet Corvette for $110,000, paid in cash, in March 2023.
Their lavish spending drew the attention of law enforcement, who linked Bitcoin transactions and email communications to cybercrime operations, specifically, roles in managing and profiting from WWH-Club.
The FBI's previous investigation had unveiled that U.S. cloud computing and web hosting firm DigitalOcean was a provider for WWH-Club's server infrastructure, so a search warrant obliged the firm to hand over key information on the forum's operation and members' activities since July 2020.
Role in WWH-Club
Despite WWH-Club downplaying the importance of the arrests, the affidavit claims that the two men held central roles on the platform, using a common profile named 'Makein.'
The two were allegedly involved in every facet of WWH-Club's operation, from rule enforcement to infrastructure management. They also provided users with guidance about transactions, organized and promoted cybercrime training programs, and managed Bitcoin wallets associated with membership fees and training course payments.
The court document mentions a Bitcoin cluster associated with Kublitskii and Khodyrev that received 4,000 deposits totaling 152 Bitcoin over nine years.
Additionally, the FBI says the two attempted to evade law enforcement by building decentralized server networks and changing IP addresses frequently.
The two face charges of conspiracy to commit offenses against or to defraud the United States, trafficking in unauthorized access devices, and possession of 15 or more unauthorized access devices.
These violations are punishable by up to 10 years in prison each, with additional fines and property forfeiture at the judge's discretion.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024