Card Not Present Fraud , Cybercrime as-a-service , Fraud Management & Cybercrime

Police Seize Key Carder Market Infrastructure

US Indicts Russian National Denis Kulkov for Authenticating Stolen Credit Cards
Police Seize Key Carder Market Infrastructure
Denis Kulkov drives his Ferrari in an undated photo. (Image: U.S. Attorney's Office for the Eastern District of New York)

U.S. authorities revealed the Russian man behind a two-decade span of abetting cybercriminals' theft of credit cards, dismantled his online infrastructure and offered a hefty reward for information leading to his arrest.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Prosecutors say the man, Denis Gennadievich Kulkov, 43, since 2005 ran a service now known as Try2Check that validated which payment card numbers in batches of stolen card data are still active. It appears to have processed tens of millions of card-checking transactions per year.

From his southwestern Russian hometown of Samara and from Moscow, Kulkov most recently charged 20 cents per validation check, according to a three-count criminal indictment unsealed Wednesday. If convicted, Kulkov - aka "Kreenjo," "Nordex" and "Nordexin" - would face up to 20 years in prison.

The U.S. Secret Service worked with authorities in Germany and Austria to take offline the four domains that resolved to the Try2Check service, including one domain on the dark web. The Department of State said it will pay $10 million for information leading to his arrest. Russia does not extradite its nationals.

"Although Try2Check has competitors, it appears to be one of the most popular websites of its type among cybercriminals," states Kulkov's federal indictment. Prosecutors said they don't know how much money he made over the course of his 1-year criminal career, but it's at least $18 million. Court documents portray Kulkov as a gleeful spender of money who set up an Instagram account titled as "Dennis Kulkov Ferrari owner" and bought a Land Rover.

Kulkov was able to validate payment cards by masquerading as a legitimate merchant seeking preauthorization charges. In 2018, he set up a Delaware limited liability corporation and sought assistance in gaining an account with a major U.S. payment processing company identified by prosecutors as "Victim-1."

Much of the case against Kulkov stems from an email address for a combined email and cloud backup service host. A federal judge in 2019 authorized a search of the account. Investigators found screenshots of the Try2Check administrator panel, site users and their bitcoin balance. They also found backup images apparently taken of computers used to operate Try2Check.

The prosecution against Kulkov comes just months after an international law enforcement operation seized WT1Shop, an online marketplace that sold millions of Social Security numbers, payment cards and other credentials. U.S. prosecutors unsealed an indictment against the site's alleged administrator, a Moldovan man named Nicolai Colesnicov.

Governments have successfully taken down a slew of carding websites over the past year, but experts warn that new fresh alternatives typically debut quickly (see: Darknet Markets Thrive Despite Repeat Disruptions by Police).


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.