The Kalashnikov Carding Club

“Hello you all know the drill,” a posting on a dark web market read this week. “These are the best fullz available. They come directly from Kalashnikov.”

“Fullz”—slang for a cache of an individual’s full identifying information—have become a staple on the digital underground, but Kalashnikov has access to some of the best.

Kalashnikov used to advertise the fullz himself on the Evolution market, a deep web site that sold everything from drugs to guns, but he now sells them to an exclusive “club” of carders and resellers.

I first heard about this group from another carder who mentioned that Kalashnikov only sells to select individuals, who then advertise their product by blazoning the Kalashnikov brand in their listings, which are then purchased by customers with the semi-anonymous digital currency Bitcoin. Judging by interviews conducted over encrypted messaging with some of those sellers and other users in the carding community, as well as a survey of forums, Kalashnikov is one of the biggest fraudsters on the dark web right now.

Kalashnikov’s product allegedly includes a victim’s name, date of birth, home address, and billing telephone number. On the digital side are their email addresses, passwords, and mother’s maiden name to bypass the ubiquitous security question. Of course, all credit card details are included. Kalashnikov’s fullz also claim to come with the victim’s Facebook profile, recently used IP address, and even what browser and operating system they use.

At the time of writing, these are sold to customers by resellers for between $12 and $35 each on the dark web.

When I sent an encrypted message to ThinkingForward, a carder on dark web market AlphaBay who is advertising fullz of victims in the US, UK, Germany and other countries, and asked whether Kalashnikov’s product was the best on the dark web at the moment, they said, “You wouldn’t know his name if they weren’t :)”

“They are of high quality,” alpha02, the administrator of AlphaBay, a recently launched dark web market, told me over encrypted messenger.

“As the validity is close to 100% there are no refunds or replacement under any circumstances,” another advert from a Kalashnikov reseller reads.

Most members of Kalashnikov’s “club” didn’t respond to my requests for an interview, and those who did were evasive when it came to questions about this shadowy figure. It’s unclear how many there are in total, but I found seven vendors on AlphaBay claiming to be selling fullz sourced from Kalashnikov, although three of those didn’t have any record of sales.

Notably, several other vendors have tagged their listings with “kalashnikov,” even though they are not explicitly selling his product. This is presumably an attempt to have their own listings appear when a customer searches for Kalashnikov’s fullz.

A simple sketch of the carding trade starts with a source, who, after gaining access to thousands or tens of thousands of identities, typically through spamming or hacking, will sell these off in chunks to a reseller.

“If you get 10-20k worth of data, selling individually would take some time,” ThinkingForward continued. “So a source would prefer to split a 20k piece of data into 10 x 2k pieces of data.”

Then the reseller, who will have a presence on one or more dark web markets, will sell the fullz off to individual customers at a profit. If a reseller is lucky, this relationship will last for a while.

“Sourcing is sourcing,” ThinkingForward said. “Once you find a good supplier, in general terms you stick and work with them for a period of time. It’s the same for any product. You may never find a good source, or you may find a few.”

After joining the club, a reseller will communicate with Kalashnikov via ICQ, a chat service that can be combined with an off-the-record encryption plugin.

This approach appears to have made the flow of fullz from Kalashnikov to his club fairly stable. Back in March, the dark web market Evolution disappeared. In the ensuing panic, communication between the source and the resellers was able to continue, since they were connected via ICQ, rather than on any single dark web market.

“I am still in contact with Kalash,” ThinkingForward wrote on the AlphaBay forum shortly after Evolution shut down.

“I don’t know how much he lost [from Evolution] but business is continuing as usual,” StrattonOakmont, another Kalashnikov club member, wrote on the AlphaBay forum.

If Kalashnikov continues to operate at an arm’s length from the markets, presumably this means that his funds will be more secure: Since they’re not stored in the escrow system of a dark web market but are instead transferred directly to and from a group of resellers, there is no third party to run off with the Bitcoin while in transit.

Other users, it appears, are desperate to join Kalashnikov’s inner circle. “Kalash I’ve been trying to reach you on ICQ about joining your club so I can buy BULK CANADA fullz,” a user called bankc wrote on the AlphaBay forum. “I’m a serious and good buyer.”

Despite all of this, it appears that Kalashnikov doesn’t totally dominate the market, at least on AlphaBay. “On the market we have a lot of vendors and they all have their share,” alpha02, the AlphaBay administrator, continued. Those include the “QDivision” team and “Courvoisier.”

Kalashnikov, whoever they are, did not respond to a request for interview.