The Justice Department has shut down PopeyeTools, a website and marketplace dedicated to selling stolen credit cards and other tools for carrying out cybercrime and fraud, and unsealed criminal charges against three PopeyeTools administrators: Abdul Ghaffar, 25, of Pakistan; Abdul Sami, 35, of Pakistan; and Javed Mirza, 37, of Afghanistan.
According to a criminal complaint unsealed today, Ghaffar, Sami, and Mirza are charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person for the purposes of offering access devices, arising from their roles as administrators of the PopeyeTools website.
If convicted, Ghaffar, Sami and Mirza face a maximum penalty of 10 years in prison on each of the three access device offenses.
The Justice Department obtained judicial authorization to seize the domains PopeyeTools.com, PopeyeTools.co.uk, and PopeyeTools.to, which had hosted and facilitated access to the PopeyeTools website.
DOJ also obtained judicial authorization to seize approximately $283,000 worth of cryptocurrencies from a cryptocurrency account controlled by Sami.
How it worked
According to the affidavit filed in support of these seizures, since 2016, PopeyeTools served as a significant online marketplace dedicated to selling sensitive financial data and other goods and tools of cybercrime to thousands of users around the world, including users associated with ransomware activity.
Some of the stolen information included bank account, credit card, and debit card numbers and associated information for conducting transactions.
Since its inception, PopeyeTools has offered for sale the access devices and personally identifiable information of at least 227,000 individuals and generated at least $1.7 million in revenue.
According to court documents, the PopeyeTools marketplace’s motto was “We Believe in Quality Not Quantity,” and the website made a name for itself by allegedly selling stolen access devices and other illicit goods and services that were valid and thereby suited to committing financial fraud. The “Live Fullz” section offered unauthorized payment card data and PII for cards that were marketed as “live” — i.e., could be used to conduct fraudulent transactions — at a price of approximately $30 per card. Other sections included “Fresh Bank Logs,” which offered logs of stolen bank account information, “Fresh Leads” or email spam lists, “Scam pages,” and “Guides and Tutorials.”
To attract members to the marketplace, PopeyeTools allegedly promised to refund or replace purchased credit cards that were no longer valid at the time of sale. In addition, at different times, PopeyeTools provided customers with access to services that could be used to check the validity of bank account, credit card, or debit card numbers offered through the website.
Comments from DOJ
“As alleged, Ghaffar, Sami, and Mirza founded and ran a longstanding online marketplace that sold illicit goods and services for use in committing cybercrimes, including ransomware attacks and financial frauds,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Today’s announcement of the takedown of the PopeyeTools domains, the criminal charges against its operators, and the seizure of cryptocurrency is yet another example of the department’s ‘all-tools’ approach to combatting cybercrime. Working with our domestic and international partners, the Criminal Division is committed to disrupting illicit enterprises through every available means, including by taking over their websites, charging culpable individuals, and seizing their illicit proceeds.”
“Cybercrime knows no boundaries,” said U.S. Attorney Trini E. Ross for the Western District of New York. “I continue to commend the work of our federal law enforcement partners, who joined forces with law enforcement across the globe, to disrupt this illicit marketplace. The perpetrators of this illegal marketplace allegedly sold the credit card information and personally identifiable information of hundreds of thousands of victims, some who live in western New York. Because of the incredible work of law enforcement, this illegal website has been seized and taken down so no one else can be victimized.”
“Dismantling the infrastructure of cyber criminals and seizing their funds are key aspects of the FBI’s cyber strategy,” said Assistant Director Bryan Vorndran of FBI’s Cyber Division. “Today’s announcement marks success on both fronts. In addition to unsealing charges against the administrators of PopeyeTools, we’ve also seized domains and cryptocurrency associated with the cybercriminal marketplace. The FBI will continue to relentlessly pursue the facilitators of cyber crime along with their tools and resources.”
“Today’s seizure of PopeyeTools, an illegal website and marketplace, highlights the FBI’s dedication to weaken cybercrime,” said Special Agent in Charge Matthew Miraglia of the FBI Buffalo Field Office. “This takedown is a significant example of the FBI’s technical capabilities, as well as our strong relationships with our international partners to protect people from cybercriminals operating these types of online marketplaces.”