‘PopeyeTools’ marketplace for stolen credit cards disrupted by feds

A platform used to sell stolen credit card numbers and other tools for cybercrime was shut down by the Department of Justice on Wednesday after criminal charges against three of the site’s alleged administrators were unsealed. 

Illicit marketplace PopeyeTools was seized by the federal government, which accused Abdul Ghaffar, 25, of Pakistan; Abdul Sami, 35, of Pakistan; and Javed Mirza, 37, of Afghanistan of running it.

“As alleged, Ghaffar, Sami, and Mirza founded and ran a longstanding online marketplace that sold illicit goods and services for use in committing cybercrimes, including ransomware attacks and financial frauds,” said Nicole Argentieri, head of the department’s Criminal Division. 

“Today’s announcement of the takedown of the PopeyeTools domains, the criminal charges against its operators, and the seizure of cryptocurrency is yet another example of the department’s ‘all-tools’ approach to combatting cybercrime.”

Ghaffar, Sami, and Mirza were slapped with charges of conspiracy to commit access device fraud, trafficking access devices and solicitation of another person for the purposes of offering access devices.

Each is facing a maximum penalty of 10 years in prison if convicted. The DOJ also seized $283,000 worth of cryptocurrencies from an account allegedly owned by Sami. It is unclear whether any of the men have been arrested. 

Prosecutors also obtained legal authority to take over the domains of www.PopeyeTools.com, www.PopeyeTools.uk, and www.PopeyeTools.to — each of which was used to offer access to PopeyeTools.

The takedown, which was done alongside law enforcement agencies in the U.K. and Malaysia, was called “Operation Shipwrecked” in reference to the “Popeye the Sailor” cartoon. 

Cybercriminals have been trafficking stolen credit card data through PopeyeTools since at least 2016, authorities said. Users also could buy debit card numbers, bank account information and other data that would allow them to conduct transactions under another person’s identity. Some card details were sold for as low as $30. 

The site also marketed stolen access devices and other tools used for financial fraud. The site even offered criminals refunds if credit card data was no longer valid when it was sold. PopeyeTools developed other tools that could help criminals determine whether bank account or card data was valid. 

Prosecutors said they found the personal information of at least 227,000 people and that the administrators earned about $1.7 million from the platform. 

The DOJ has unveiled multiple high-profile actions against cybercriminals this week, arresting a Russian national behind a prominent ransomware gang and several Americans tied to the 2023 attack on MGM Casino.