Whenever Russians are mentioned in a story about the criminal underground, they were most likely part of some illicit activity. A few years ago, Russians appeared to be deeply involved in spam campaigns and sending illicit pharmaceuticals online. More recently, there have been increasing mentions of Russians participating in ransomware distribution, as well as in various fraud schemes. In every case, Russians play the role of the ‘bad guy’.
Flare Systems’ research team came across a guide to use stolen credit cards to purchase cryptocurrencies. It identified which exchanges to purchase cryptocurrencies from, where to get fake identity papers, and, most interestingly, which payment method to use. In this case, the author suggested fraudsters use Russian credit cards for the following reasons:
- Russian banks do not share their customers’ personal information (names, addresses) with merchants at the time of purchase. Russian data protection laws make it impossible to fully vet who owns a credit card, making it easier to commit fraud.
- Russian credit cards are apparently seldom used by fraudsters, and are not correlated with high fraud scores in automated fraud prevention algorithms.
- Russian law enforcement and banks are unlikely to cooperate with Western investigations into credit card fraud.
- Russian credit cards apparently have relatively high balances. These cards would have over $1,000 of available credit to be abused by fraudsters.
The fraudster’s suggestion is interesting, turning the table on who the victim and fraudster are. Has your company implemented systems to manage payment cards issued by Russian banks, and to manage their data protection laws? In many cases, the answer is probably no. Popular carding shops offer Russian credit cards for sale, and advertise the availability of multiple classes of cards.
When advertised, Russian credit cards appear to be priced on the high end. While many credit cards are sold in the $5 – $15 price range, the price for Russian cards appears to be much higher, with many of them fetching over $50 on stolen credit card reselling sites such as the one below. This suggests either that the demand for Russian cards is high, or that the supply for these cards is limited.
Of the two hypotheses, the first one is the most likely to be true, as Russian credit cards are available on multiple markets, and even in Telegram chat rooms as shown below.
Conclusion
While we did find evidence that Russian banks were targeted and abused by malicious actors in North America, we also found, yet again, that Russian banks were used to receive payments for illicit services. Therefore, they were very much part of the problem. In the posting below, detected on a popular criminal forum, the largest Russian bank is mentioned in bold and red (no emphasis on our part), even before bitcoins.
This demonstrates that there are no allegiances in the criminal underground. Malicious actors target the same institutions that make it possible for them to trade. There is therefore no impunity for anyone. There is a widely accepted belief in the security industry that Russian authorities rarely investigate fraudsters in their own country, as long as they do not attack Russian financial institutions. The reverse may be happening, whereas fraudsters target Russian financial institutions exactly for the lack of cooperation between Russian and Western authorities. This makes us wonder: what would happen if law enforcement agencies did collaborate with each other?
