Skip to main content

Hackers stole $1.5 million using credit card data bought on the dark web

In what sounds like a movie script, over $1 million was stolen by a group that made use of thousands of credit cards posted for sale on the dark web. Some of the details of this complex cybercrime operation have come to light following an indictment by the U.S. Department of Justice.

In the United States v. Trevor Osagie, the defendant has pled guilty to conspiracy to commit credit card fraud from 2015 to 2018. Osagie worked with a network of thieves and managed to rack up over $1.5 million in damages.

At least 4,000 people were affected. As noted by Bleeping Computer, Osagie faces up to 30 years in prison and a fine of $1 million dollars. The sentencing is set for May 25, 2023.

The dark web is made up of internet content and services that aren’t accessible through normal means, and the websites and services provided are not indexed by major search engines. While the dark web isn’t always associated with illegal activities, its encrypted and anonymous nature makes it attractive to criminals.

By using the dark web, Osagie was able to recruit and manage other co-conspirators, who played various roles in the fraud. Hamilton Eromosele allegedly led the criminal network that used social media to recruit “workers” to purchase luxury items and gift cards with stolen credit cards.

From there, Ismael Aidara created fraudulent bank accounts and credit cards, while Malik Ajala provided the stolen card information. Six other people were involved in this saga, making trips to the U.S. for any task that required a physical presence. The case against them must have been strong because everyone named in the indictment entered guilty pleas.

Here’s how it worked. After this criminal network acquired stolen credit and debit card numbers from the dark web, the information was passed to members that would use this information to purchase flights to the U.S., rental cars, and accommodations. Continuing the spending spree, gift cards and luxury goods would be purchased.

The “workers” who traveled and purchased items for other members of the group were found on social media with promises of big profits and travel. The proceeds were divided up among the criminal network. After a wild, three-year rampage, the authorities were able to catch up and nab the wrongdoers.

Editors' Recommendations

Alan Truly
Computing Writer
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
Hackers can purchase government login credentials for cheap on the dark web
turkey blocks tor dark web keyboard key

McAfee’s Advanced Threat Research team recently discovered that hackers have access to many organizations that have weak credentials when using Microsoft’s Remote Desktop component in Windows-based systems. Access to these organizations -- whether it’s an airport, a hospital or the U.S. government -- can be bought for little money through specific shops on the dark web.

Microsoft’s Remote Desktop Protocol (RDP) essentially allows you to connect and use a Windows-based PC from a remote location. When those login credentials are weak, hackers can use brute force attacks to gain the username and password for each connection. McAfee found connections up for sale across various RDP shops on the dark web ranging between a mere 15 to a staggering 40,000 connections.

Read more
A vigilante hacker took down 20 percent of the dark web after finding child porn
1148276 autosave v1 tor dark web private browsing security

An attack on the Dark Web left a whopping 20 percent of it in shambles. On Friday, a vigilante managed to hack into Dark Web hosting service, Freedom Hosting II, after realizing that it was allowing child pornography sites. As first reported by the Verge, visitors to more than 10,000 sites on Friday saw not their expected content, but rather a message that read, “Hello, Freedom Hosting II, you have been hacked.”

According to the hacker, Freedom Hosting II must have been aware that it was managing child porn sites -- those in question required gigabytes of data despite the fact that the hosting service officially claims to allow no more than 256MB. As part of the hack, not only was the usual content replaced with the hacker's message, but it also served up a data dump (without user info), and an explanation as to the reason for the hack.

Read more
W-2 tax forms for 2016 can be bought and sold on the dark web at $20 or less

Security researcher Brian Krebs reports that hackers are now selling W-2 tax forms on the dark web, a collection of websites that requires special software or authorization to access and can’t be found using Google or Bing. It’s an online world where pirated software can be obtained and cybercriminal shops can thrive, selling goods like PayPal account credentials, stolen credit cards, and now apparently last year’s tax forms.

According to Krebs, the W-2 tax form data was up for sale on an unnamed dark web shop under the “other” category. The data stemmed from more than 3,600 residents from Florida and included their employer’s name, employer ID, and employer address. The info also included the taxpayer’s personal information such as address, social security number, 2016 wage information, and the taxes withheld.

Read more