Naked Security Naked Security

Cardplanet mastermind pleads guilty to credit card fraud

Cardplanet offered refunds on invalid card data, along with a card checking service that ensured a stolen card was still valid.

Aleksai Burkov, a Russian cybercriminal responsible for over $20m in credit card fraud, pleaded guilty last week for access device fraud, identity theft, computer intrusion, wire fraud, and money laundering, after being indicted four years ago for operating a carding website called Cardplanet. This website, which ran from 2009 until 2013, served as a forum for cybercriminals to buy and sell credit card details stolen from victims. It facilitated the sale of over 150,000 cards that criminals then used in fraudulent transactions totalling at least $20m, according to the indictment.
Burkov, who lived in Tyumen and in St Petersburg, offered refunds on invalid card data, along with a card checking service that ensured a stolen card was still valid. He took payments through services including Liberty Reserve, which the US shut down in 2013.
He also ran another invitation-only website reserved for elite cybercriminals, according to the district attorney’s office for the Eastern District of Virginia, where the case against him was filed.

Burkov ran a tight due-diligence campaign for access to his site. Before accepting new members, he required three existing members to vouch for them. They’d also have to put up around $5,000 in insurance in case the new member failed to pay. Any members known to have been arrested were banned to stop informants from infiltrating and exposing the rest of the network.
In spite of these measures, investigations by law enforcement eventually compromised him. In December 2013 he sold stolen data for six credit cards to an undercover agent via his site. He was arrested in Israel two years later and extradited to the US in November last year.
Burkov’s original indictment called for penalties of $21,400,000. His plea bargain sees him paying back at least $1,005,977 and an iPhone 6 that were seized from him during his arrest, along with any other proceeds or property he still has stemming from the fraud.
When sentenced on 8 May 2020, he faces up to 15 years in jail, although prosecutors point out that sentences are often less than the potential maximum.

Latest Naked Security podcast


Click-and-drag on the soundwaves below to skip to any point in the podcast.

Leave a Reply

Your email address will not be published. Required fields are marked *