Card Not Present Fraud , Cybercrime , Fraud Management & Cybercrime

US Charges 2 for Running Russian-Speaking Carder Forum

Unemployed Defendants Allegedly Bought Luxury Car, Lived in Beach House
US Charges 2 for Running Russian-Speaking Carder Forum
Two alleged administrators of a Russian-speaking carder forum sought asylum in the United States and now face federal criminal charges. (Image: Shutterstock)

U.S. law enforcement charged two alleged masterminds of one of the largest Russian-language cybercrime forums after they claimed asylum inside the United States and lived a luxurious life in Miami despite their evident lack of employment.

See Also: OnDemand | Everything You Can Do to Fight Social Engineering and Phishing

Federal authorities accused Russian national Pavel Kublitskii and Kazak national Alexandr Khodyrev of acting as administrators of carding platform WWH-Club as well as similar sites Skynetzone, Opencard and Center-Club.

A Florida federal judge approved arrest warrants for the two, which led the FBI to detain Khodyrev on Thursday. Khodyrev posted $225,000 in bail and agreed to home detention, GPS monitoring and heavy restrictions on internet usage. He made bail in part by surrendering his Mercedes-AMG G 63 sports utility vehicle.

Authorities arrested Kublitskii Aug. 6. He posted a bond for $100,000 and is also under house arrest with GPS monitoring. The court told him not to use a smartphone, including his wife's, which the government will monitor for illicit use.*

In business since 2012, according to Flashpoint, WWH-Club distinguished itself as a forum to discuss payment card fraud and by offering tutorials in carding skills. Its admins also earned revenue from an escrow service and by selling ads. A course lasted around six weeks, cost about $975 and included homework and exams. A commercial post could cost up to $780, Flashpoint found. A bitcoin cluster associated with forum administrators received deposits worth nearly $1 million over a little less than a decade.

Kublitskii and Khodyrev allegedly operated through the common profile name of "Makein" and were part of every aspect of WWH-Club's operations, from rule enforcement to infrastructure management. Site administrators attempted to evade law enforcement by building decentralized server networks and changing IP addresses often, the complaint says. Web domains associated with the carding operation as of Monday don't appear to be functioning.

Prosecutors say the duo arrived together in South Florida, where they claimed asylum, and each provided the same Miami-area address to authorities. Kublitskii rented a beachside condo while Khodyrev in 2023 purchased a Corvette for $110,000, in cash. "While it does not appear either subject has employment in the U.S., both subjects are using substantial amount of cash to fund an affluent lifestyle," an FBI agent said in an affidavit.

Federal agents say they tracked the pair down by obtaining in July 2020 an image of the server hosting wwh-club.ws after tracing its IP address to data centers owned by U.S.-based DigitalOcean. Using Google Translate and a reconstructed SQL database, agents were able to obtain email addresses of user accounts and determine their privilege level and their passwords.

Based on the server image, WWH-Club appeared to have approximately 170,000 registered users, including seven administrators. Another 32 users had "staff" privileges," and 29 could moderate posts.

As is typical of Russian-speaking hacking operations, the forum prohibited members from conducting criminal activities inside the Commonwealth of Independent States, a Russia-dominated regional association consisting of former countries formerly a part of the Soviet Union.

The defendants face charges of conspiracy to traffic in unauthorized access devices and conspiracy to possess 15 or more unauthorized access devices, each of which has a maximum sentence of 10 years.

*Updated Aug. 13, 2024 16:07 UTC: Adds that Kublitskii was arrested and is under home arrest.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.