In a significant blow to cybercrime, the U.S. Justice Department announced the seizure of PopeyeTools, a notorious online marketplace that specialized in selling stolen credit card information, bank account details, and other illicit tools for committing fraud and cybercrimes. Three administrators of the website—Abdul Ghaffar, 25, Abdul Sami, 35, and Javed Mirza, 37—have been charged with a series of crimes, including conspiracy to commit access device fraud and trafficking stolen financial data.
The PopeyeTools website, which operated for several years, was a hub for cybercriminals, offering access to stolen financial data and a range of illegal services, including ransomware-related tools. The site is believed to have generated at least $1.7 million in revenue by selling the personal information of over 227,000 victims worldwide.
The affidavit filed in support of these seizures, since in or around 2016, PopeyeTools served as a significant online marketplace dedicated to selling sensitive financial data and other illicit goods and tools of cybercrime to thousands of users around the world, including users associated with ransomware activity. Some of the stolen information included bank account, credit card, and debit card numbers and associated information for conducting transactions. Since its inception, PopeyeTools has offered for sale the access devices and personally identifiable information (PII) of at least 227,000 individuals and generated at least $1.7 million in revenue.
“The PopeyeTools marketplace was a significant player in the online world of cybercrime,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri. “Today’s actions—seizing the website, charging the administrators, and taking their illicit cryptocurrency—reflect our commitment to using every available tool to disrupt these criminal enterprises.”
PopeyeTools, which operated under several domain names, including popeyetools.com and popeyetools.co.uk, was known for selling what it called “live” credit card information, marketed as active and ready for fraudulent use. Other products sold on the platform included stolen bank account data, email spam lists, and even scam guides.
To attract members to the marketplace, PopeyeTools allegedly promised to refund or replace purchased credit cards that were no longer valid at the time of sale. In addition, at different times, PopeyeTools provided customers with access to services that could be used to check the validity of bank account, credit card, or debit card numbers offered through the website.
The website’s motto, “We Believe in Quality Not Quantity,” emphasized its focus on offering valid, working financial data—often at steep prices—making it a go-to destination for cybercriminals seeking to execute financial fraud.
For instance, the “Live Fullz” section offered unauthorized payment card data and PII for cards that were marketed as “live” — i.e., could be used to conduct fraudulent transactions — at a price of approximately $30 per card. Other sections included “Fresh Bank Logs,” which offered logs of stolen bank account information, “Fresh Leads” or email spam lists, “Scam pages,” and “Guides and Tutorials.”
Along with shutting down the marketplace, federal authorities have seized approximately $283,000 worth of cryptocurrency from Sami’s accounts. The Justice Department also highlighted the international collaboration involved in the takedown, with support from global law enforcement agencies.
“This takedown is a testament to the strength of our partnerships with law enforcement around the world,” said U.S. Attorney Trini E. Ross for the Western District of New York. “The perpetrators behind this marketplace allegedly sold personal information and credit card data from hundreds of thousands of victims, including those right here in western New York. Thanks to the tireless work of our law enforcement partners, this dangerous platform is now offline.”
The charges against Ghaffar, Sami, and Mirza carry a maximum penalty of 10 years in prison for each of the three access device offenses, with sentencing to be determined by a federal district court.
The operation is a major success in the ongoing battle against cybercrime, with authorities pledging to continue targeting online criminals and their financial networks.
