

The Darkweb’s New Favorite Drug Market, Profiting from Silk Road 2’s Demise - InternetGiant
http://www.wired.com/2014/11/the-evolution-of-evolution-after-silk-road/

======
jobu
_" And in addition to drugs, counterfeits and guns, Evolution also sells
stolen credit cards, a kind of crime never allowed on the Silk Road."_

A sort of natural selection that favors more evil apparently.

~~~
granfalloon
I recently took a look at Evolution's fraud offerings, as I do anti-fraud work
for an online company and was curious to see where the masses of fraudsters I
deal with were getting their CC number and bank account info from.

It's actually pretty incredible; I was expecting to see simple "dumps" of CC
info and bank login credentials, but it was much more sophisticated. Sellers
were offering "packages" that would include bank login information (priced
according to account balance), lists of IP addresses that were known to be
flagged, SSNs and address information to help with security questions, and
guides for how to best use this information.

Definitely seems like it'd be easy for a criminal with a little tech know-how
to make a full time job of buying and exploiting this info. Based on the
prices I saw, it would only take one successful fraudulent transaction out of
many attempts for it to be profitable.

~~~
joosters
I wonder why the prices are low compared to the expected returns?

Perhaps there aren't many buyers out there, or there are just too many stolen
CCs that the market is swamped by them.

OTOH, maybe the payoffs for CC fraud are actually lower than you might
expect... could the banks be getting better at blocking cards sooner?

~~~
csommers
It's a combination of both.

There are far FAR too many CC numbers available out there and when you
consider the work needed to find a viable one, not to mention the legal issues
resulting from this...it's pretty clear why they are so "cheap".

It's pretty comparable to the current stolen iPhone market(assuming iCloud
locked), as they are basically a paperweight in that configuration, which
makes them a "traders" commodity of sorts. Much like this, I've seen CC
"packages" used as a sort of commodity, where the partners aren't as much
interested in using the CCs, as they are merely selling them off later.

------
orik

      "Evolution has also had much faster pageload times than competitors, most of whom
      run painfully slowly thanks to Tor’s process of routing web traffic among random-
      ly chosen computers around the world. (Just how Evolution managed those speeds de-
      spite running on Tor itself isn’t clear.)"
    

I can't really investigate myself currently and I've never visited but is
anyone here know if/why Evolution is faster?

~~~
mschuster91
I'd guess multiple domains for hosting stuff like CSS and images to better
exploit parallelism, and massive compression where possible.

------
ChuckMcM
Presumably they are smart enough to operate in a jurisdiction where the law
enforcement agencies are more of a strategic partner rather than an
operational risk. Given the guy running it is a former carder, and Krebs seems
to think that all carders are Ukrainian or Russian, perhaps Evolution is based
out there? If so that would make it pretty hard for the FBI I suspect.

~~~
x0x0
I did wonder why you couldn't set up silk road 3 in eg russia and merely avoid
selling drugs into russia. No tor required, and you can stick your middle
finger up to the US/EU authorities. Though you probably have to be willing to
never leave Russia ever...

------
mike-cardwell
What is the .onion for this service?

EDIT: Seems to be listed on the hidden wiki. A clearnet mirror of which exists
here: [http://hiddenwiki.me/](http://hiddenwiki.me/)

~~~
cakeface
Just a reminder that the hidden wiki is, indeed, a wiki. People can go in
there and change the onion link to a fraud site such as the ones referenced in
the article. Since onion addresses are not nearly as memorable as domain names
this is actually a pretty big problem.

------
woah
How "immoral" is it really, facilitating the sale of stolen CC info? Clearly,
it is a bad thing to do. But it seems to me that the CC companies are at least
as much to blame for having such a crappy system. Anti-fraud is one of the few
things that they can point at as justifying their exorbitant fees for sending
a couple of packets. The fact is, their system allows fraud and they are not
doing anything about it.

~~~
pavel_lishin
Given that stolen credit cards create a lot of headaches for the people who
actually _use_ the credit cards, I'd say it's pretty immoral.

(Yes, yes, the CC companies are on the hook for it, and you're not liable for
any money charged to a stolen card, etc., etc., but it doesn't make it
pleasant. It's stressful.)

~~~
desdiv
_the CC companies are on the hook for it_

The CC companies pass it down to the retailers in terms of transaction fees,
who in turn pass it down to the consumers.

It doesn't matter whether your card gets stolen or not. It doesn't matter
whether you even _have_ a credit card or not. Everyone is paying for the cost
of credit card fraud in one way or another. Even people who only pay with cash
still bear the burden of credit card fraud, since they're still paying the
credit-card-fee-inclusive price (unless they only shop at retailers with cash
discounts).

~~~
firepacket
It's not even in the form of transaction fees.

Fraudulent charges are withdrawn from the retailers. Even if it has already
posted to the bank account, they will take it back.

The CC companies never absorb the cost for fraud. Their greatest trick is
convincing everyone they do.

