\nHow the feds caught a notorious credit card fraudster<\/br>
\n2023-05-04 22:13:28<\/br><\/p>\n
It took a decade, but US officials finally unmasked the ‘Try2Check’ mastermind<\/h2>\n\n\t\t\t![](\"https:\/\/i0.wp.com\/techcrunch.com\/wp-content\/uploads\/2023\/05\/doj-try2check-seized.jpg?w=1140&ssl=1\")
\n\t\t<\/div>\n<\/p><\/div>\n\nThe U.S. government<\/span> announced<\/a> on Wednesday that it had dismantled \u201cTry2Check,\u201d a credit card checking operation that allowed cybercriminals involved with the bulk purchase and sale of stolen credit card numbers to see which cards were valid and active.<\/p>\nDepartment of Justice prosecutors confirmed the indictment of Russian citizen Denis Gennadievich Kulkov, who is suspected of creating Try2Check in 2005. Kulkov is said to have made at least $18 million in bitcoin<\/a> from the service, which not only victimized credit card holders and issuers, but also a prominent U.S. payment processing firm whose systems were exploited to conduct the card checks.<\/p>\nTry2Check took advantage of the unnamed company\u2019s \u201cpreauthorization\u201d service, whereby a business \u2014 such as a hotel \u2014 requests that the payment processing firm preauthorizes a charge on a customer\u2019s card to confirm that it is valid and has the necessary credit available. Try2Check impersonated a merchant seeking preauthorization in order to extract information about credit card validity.<\/p>\n
In November 2018, the FBI and the U.S. Secret Service used an undercover online persona to load bitcoin into a Try2Check account. An agent then logged into that account and ran 20 newly created credit card numbers through Try2Check\u2019s card checking system. These transactions appeared in the systems of the U.S. payment processing firm as if they were submitted by U.S. merchants for preauthorization, and contained unique identifying numbers corresponding to real merchants.<\/p>\n
Not only did these transactions reveal the inner workings of Try2Check, but also the vast scale of the operation: The same IP addresses used to submit the credit card numbers for preauthorization had collectively submitted over 16 million credit card numbers for preauthorization over nine months between April and December 2018.<\/p>\n
According to prosecutors, Try2Check processed at minimum tens of millions of card numbers every year.<\/p>\n
While this undercover operation revealed the scope of Try2Check\u2019s activity, uncovering the person behind it all was far more arduous. The FBI and U.S. Secret Service confirmed they had been investigating the service since 2013.<\/p>\n
![A photo of Denis Gennadievich Kulkov, the main suspect in the Try2Check credit card scheme, as pictured on a State Department \"wanted\" photo.](\"https:\/\/i0.wp.com\/techcrunch.com\/wp-content\/uploads\/2023\/05\/kulkov-russia-doj-state.jpg?resize=1024%2C515&ssl=1\")
<\/p>\nA photo of Denis Gennadievich Kulkov, the main suspect in the Try2Check credit card scheme, as pictured on a U.S. government \u201cwanted\u201d photo. Image Credits:<\/b> State Department.<\/p>\n<\/div>\n
The decade-long probe largely centered around tracking Kulkov\u2019s various online personas. For example, reviews of the Internet Archive<\/a> revealed that the early versions of the Try2Check website, then known as \u201cjust-buy.it\u201d, contained the name \u201cKreenjo\u201d in its logo. At the same time, feds discovered that \u201cKreenjo\u201d was also the name of a user who posted on internet forums frequented by cybercriminals.<\/p>\nIn 2006, for example, a user named Kreenjo offered credit card checking services on an online cybercrime forum. The signature of the message contained the URL \u201ccheck.just-buy.it,\u201d which was a web address where Try2Check could be accessed at that time.<\/p>\n
U.S. investigators continued to track the online presence of Kreenjo, who also went by the aliases of \u201cNordex\u201d and \u201cNordexin\u201d; the former had identified himself as \u201cDenis from Samara,\u201d a city in southwestern Russia, in messages sent to forum users, while the Nordexin moniker was discovered in records obtained from a unnamed crypto exchange.<\/p>\n
These records showed that the registered user for that account supplied his passport, revealing the name \u201cDenis Kulkov,\u201d an address in Samara and an email address, referred to as \u201cNordexin Platform-1,\u201d which ultimately unmasked Kulkov as the man behind the now-notorious Try2Check service.<\/p>\n
Evidence linking Kulkov to Try2Check continued to grow: Travel documents obtained from Marriott International that linked Kulkov\u2019s identity to the passport used to open his cryptocurrency account and images matching his passport photo were found on a publicly accessible Instagram<\/a> profile belonging to \u201cDenis Kulkov, Ferrari owner\u201d and a Foursquare site that had \u201cliked\u201d various businesses in Samara, Russia.<\/p>\nAs a result of this mounting evidence, a judge in May 2019 ordered the search of the Nordexin Platform-1 account.<\/p>\n
The account contained images of webpages from Try2Check that were not publicly available, including screenshots of the site\u2019s \u201cadministrator panel,\u201d and a page that listed the bitcoin balance associated with each Try2Check user. It also contained multiple emails between Denis Kulkov and others, including his wife, who also provided travel documents to the Marriott hotel. One of these emails contained a picture of Kulkov holding up his passport. In another, he attempted to convert his cryptocurrency holdings into fiat currency, asking \u201cWhat is the maximum amount which will not cause compliance suspicion?\u201d<\/p>\n
Ultimately, it wasn\u2019t Kulkov\u2019s attempts to convert his millions in crypto that was his undoing, but rather his failure to cover his sprawling online tracks.<\/p>\n
The U.S. Department of State announced a $10 million reward offer<\/a> for information leading to Kulkov\u2019s arrest or conviction. If convicted, Kulkov faces 20 years\u2019 imprisonment.<\/p>\n<\/p><\/div>\n<\/br><\/br><\/br><\/p>\n
\n\t\t<\/div>\n<\/p><\/div>\nThe U.S. government<\/span> announced<\/a> on Wednesday that it had dismantled \u201cTry2Check,\u201d a credit card checking operation that allowed cybercriminals involved with the bulk purchase and sale of stolen credit card numbers to see which cards were valid and active.<\/p>\n Department of Justice prosecutors confirmed the indictment of Russian citizen Denis Gennadievich Kulkov, who is suspected of creating Try2Check in 2005. Kulkov is said to have made at least $18 million in bitcoin<\/a> from the service, which not only victimized credit card holders and issuers, but also a prominent U.S. payment processing firm whose systems were exploited to conduct the card checks.<\/p>\n Try2Check took advantage of the unnamed company\u2019s \u201cpreauthorization\u201d service, whereby a business \u2014 such as a hotel \u2014 requests that the payment processing firm preauthorizes a charge on a customer\u2019s card to confirm that it is valid and has the necessary credit available. Try2Check impersonated a merchant seeking preauthorization in order to extract information about credit card validity.<\/p>\n In November 2018, the FBI and the U.S. Secret Service used an undercover online persona to load bitcoin into a Try2Check account. An agent then logged into that account and ran 20 newly created credit card numbers through Try2Check\u2019s card checking system. These transactions appeared in the systems of the U.S. payment processing firm as if they were submitted by U.S. merchants for preauthorization, and contained unique identifying numbers corresponding to real merchants.<\/p>\n Not only did these transactions reveal the inner workings of Try2Check, but also the vast scale of the operation: The same IP addresses used to submit the credit card numbers for preauthorization had collectively submitted over 16 million credit card numbers for preauthorization over nine months between April and December 2018.<\/p>\n According to prosecutors, Try2Check processed at minimum tens of millions of card numbers every year.<\/p>\n While this undercover operation revealed the scope of Try2Check\u2019s activity, uncovering the person behind it all was far more arduous. The FBI and U.S. Secret Service confirmed they had been investigating the service since 2013.<\/p>\n A photo of Denis Gennadievich Kulkov, the main suspect in the Try2Check credit card scheme, as pictured on a U.S. government \u201cwanted\u201d photo. Image Credits:<\/b> State Department.<\/p>\n<\/div>\n The decade-long probe largely centered around tracking Kulkov\u2019s various online personas. For example, reviews of the Internet Archive<\/a> revealed that the early versions of the Try2Check website, then known as \u201cjust-buy.it\u201d, contained the name \u201cKreenjo\u201d in its logo. At the same time, feds discovered that \u201cKreenjo\u201d was also the name of a user who posted on internet forums frequented by cybercriminals.<\/p>\n In 2006, for example, a user named Kreenjo offered credit card checking services on an online cybercrime forum. The signature of the message contained the URL \u201ccheck.just-buy.it,\u201d which was a web address where Try2Check could be accessed at that time.<\/p>\n U.S. investigators continued to track the online presence of Kreenjo, who also went by the aliases of \u201cNordex\u201d and \u201cNordexin\u201d; the former had identified himself as \u201cDenis from Samara,\u201d a city in southwestern Russia, in messages sent to forum users, while the Nordexin moniker was discovered in records obtained from a unnamed crypto exchange.<\/p>\n These records showed that the registered user for that account supplied his passport, revealing the name \u201cDenis Kulkov,\u201d an address in Samara and an email address, referred to as \u201cNordexin Platform-1,\u201d which ultimately unmasked Kulkov as the man behind the now-notorious Try2Check service.<\/p>\n Evidence linking Kulkov to Try2Check continued to grow: Travel documents obtained from Marriott International that linked Kulkov\u2019s identity to the passport used to open his cryptocurrency account and images matching his passport photo were found on a publicly accessible Instagram<\/a> profile belonging to \u201cDenis Kulkov, Ferrari owner\u201d and a Foursquare site that had \u201cliked\u201d various businesses in Samara, Russia.<\/p>\n As a result of this mounting evidence, a judge in May 2019 ordered the search of the Nordexin Platform-1 account.<\/p>\n The account contained images of webpages from Try2Check that were not publicly available, including screenshots of the site\u2019s \u201cadministrator panel,\u201d and a page that listed the bitcoin balance associated with each Try2Check user. It also contained multiple emails between Denis Kulkov and others, including his wife, who also provided travel documents to the Marriott hotel. One of these emails contained a picture of Kulkov holding up his passport. In another, he attempted to convert his cryptocurrency holdings into fiat currency, asking \u201cWhat is the maximum amount which will not cause compliance suspicion?\u201d<\/p>\n Ultimately, it wasn\u2019t Kulkov\u2019s attempts to convert his millions in crypto that was his undoing, but rather his failure to cover his sprawling online tracks.<\/p>\n The U.S. Department of State announced a $10 million reward offer<\/a> for information leading to Kulkov\u2019s arrest or conviction. If convicted, Kulkov faces 20 years\u2019 imprisonment.<\/p>\n<\/p><\/div>\n <\/br><\/br><\/br><\/p>\n<\/p>\n