image
A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding – has been arrested. Interpol announced the bust – which took place in Morocco in May – on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB. The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums. One example of a carding site is Joker’s Stash, which was taken down in December. It was a popular cybercriminal destination that specialized in trading in payment-card data, offering millions of stolen credit and debit cards to buyers. As described in Interpol’s announcement, the buyers of Dr HeX’s carding and phishing kits used them to masquerade as online-banking facilities, allowing the suspect and others “to steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services.” We saw one such example of how the carding economy works in October, when Dallas-based smoked-meat franchise Dickey’s Barbecue Pit saw 3 million customer payment cards turn up on the site. Anyone purchasing the information could create cloned cards to physically use at ATMs or at in-store machines that aren’t…

Source