Credit card fraudster Sergey Pavlovich writes a new chapter
Editor’s note: The early 2000s were a ripe time for credit card fraud, and so-called “carders” like Sergey Pavlovich were making a killing. But his luck would fade in 2004, when Belarussian authorities caught the 21-year-old Pavlovich and put him behind bars.
Pavlovich would end up serving nearly a decade in jail for his crimes, which reportedly caused losses in excess of $200 million, and is still being investigated in the U.S. Pavlovich, who now lives in Moscow, says he’s reformed and tries to discourage others from following in his path. “In my opinion, it is pointless and dangerous to do carding now," Pavlovich said. "The juice is not worth the squeeze.”
He spoke with Recorded Future expert threat intelligence analyst Dmitry Smilyanets recently about his experience as a credit card fraudster, what he’s learned from it, and why he’s living in Russia. The interview was conducted in Russian via Telegram and was translated to English with the help of a professional translator. The conversation below has been lightly edited for clarity:
Dmitry Smilyanets: Sergey, you were twice convicted in Belarus, and a criminal case was opened against you in the U.S. What can you tell me about this situation?
Sergey Pavlovich: Yes, indeed... From the age of 14, I got into carding. It happened accidentally. I was selling some stuff on the Internet, and one of my friends asked me to buy stolen credit card numbers. I saw that they were for sale on a forum and I bought them. The guy did not settle up with me, so I had a large set of data in my hands that allowed me to make purchases on the Internet. I decided that I would return my investment if I could buy any kind of goods with these cards. This is how my career in crime began.
I made some money with stuffing [buying “stuff” with stolen credit cards], not a lot, $150-$300 per month. Later I got on to carding forums, first Carding.org then CarderPlanet. Then I started my own DumpsMarket forum. I met the top figures there—BadB and Boa. And worked two schemes—I sent drops [money mules] around the world with fake credit cards to buy goods, and I sold dumps. I took data from hackers I met earlier, and just resold their data on my forum. Tron, one of the sellers from Moscow, turned out to be a scammer and still owes me $35,000 for the dumps he received. For these crimes, I was convicted in Belarus and served two-and-a-half years. A year after serving my sentence, I was arrested again for selling dumps to a U.S. Secret Service special agent. I didn’t sell him that much, just two thousand dumps. And for this crime, I served seven and a half years.
DS: What do you think of the U.S. Secret Service officer who investigated you for identity theft?
SP: I must admit that the U.S. Secret Service played a big role in my investigation. The Americans are using the methods that they’ve perfected working on criminal gangs over the last hundred years and they are only interested in the leaders of the gangs because by decapitating the gang, they successfully break it up. They use the tactic of getting someone on the inside. Under the guise of clients or friends, they insinuate themselves into our environment, send gifts, invite us to different countries, because they understand that they cannot arrest us in our home territory. The first time I was lured to Thailand, and the second time to the Dominican Republic. But both times my trips didn’t happen for a number of reasons. It took them about four years to develop the case against me. As far as I know, Special Agent Ryan Knisley was in charge of the case, and if now there was an opportunity to say something to his face, I would say: “You are good! Because you outplayed me!” I don't have any anger, because it's like chess—he has his own job and I have mine.
I say that if you do carding, you have to be ready to serve 5-10 years in jail."
DS: In a recent video interview, you said that you are ready to surrender to U.S. law enforcement on the condition that you will receive a light sentence. Why? Are you not comfortable living in Russia?
SP: I said that I would be ready to surrender to the U.S. authorities and the Secret Service if I was given a short term. Because otherwise, it’s unjust, I have already served 10 years. This is a fairly long term for cybercrimes against the United States and Western Europe. But I did not harm the citizens of Belarus, and it is not clear then why I was imprisoned, because America continues to maintain legal claims against me. Internationally, this is a double punishment—double jeopardy. There’s been no progress on this issue so far but we are trying to resolve it. I talked with senior officials of the American special services, and they honestly declared that I could come and work for them for several years, but the court will have the final say in the verdict and he may not accept the petition. In any case, the positive aspect is that they honestly state this and don't try to be deceitful.
I live comfortably in Russia, but I do not consider Russia as my permanent place of residence. I would like to travel and choose a country to live in that has a developed political and legal system. And most of all I would like to live in a country where people's consciousness is much more developed than our post-Soviet one. There are many such countries—England, Sweden, Switzerland, the Netherlands—these are the top countries where I would like to live.
DS: What has changed in carding since the times described in your 2014 book How to Steal a Million?
SP: Competition has grown. Plus, they imprisoned almost everyone who hacked databases with cards and supplied them to the international market. Previously, one card cost about $1 retail, but now it can cost $20 or even $50. Competition has increased, there are fewer and fewer cards, profits are lower, and the risk of being caught is higher. In my opinion, it is pointless and dangerous to do carding now. The juice is not worth the squeeze. But at the same time in Russia, things haven’t changed, if you do not steal from the citizens of the Russian Federation and target the West, you essentially have immunity, and no one will investigate you.
DS: In past interviews, you said that the number of cybercriminals in post-Soviet countries is about 100,000 to 150,000 people. These are huge numbers in comparison with the cozy atmosphere of the forums in the early 2000s. What is the reason for such growth in the number of cybercriminals in these countries?
SP: If back in my time the largest cybercriminal forum had 4,000 members, now when we look at all Russian-language cybercriminal forums, the total number of registered members is about 1.5 million people. It is clear that you can be simultaneously registered on all of the forums, or have several nicknames within one forum. After some simple calculations, I understand that the number of real Russian-speaking cybercriminals is now about 150,000 people.
The topic becomes public as the number of forums grows. Many of these forums are not even banned on the territory of the Russian Federation by Roskomnadzor [the Federal Service for Supervision of Communications, Information Technology and Mass Media, which oversees telecommunications in Russia]. Plus, they talk about carding on YouTube. I also had a little hand in this, but in every interview on this topic, I say that if you do carding, you have to be ready to serve five to ten years in jail. The growth was influenced by the popularization of carding on the Internet and on Telegram channels. Also, over the past 25 years in the post-Soviet space, no social ladders or opportunities have been created for young people to realize their potential.
DS: Do hackers and carders in post-Soviet countries (also known as the Commonwealth of Independent States, or CIS) observe the main rule: "Work on CIS targets is prohibited”? In the early 2000s, this was the golden rule, which was treated with the utmost respect. What is happening today, what nuances do you observe?
SP: Nowadays this rule is also observed. In our time, this was based more on ideology—it was wrong to steal from our own people, they have less money and the state had already robbed everyone in 1991 when Sberbank went bust. But now the economic component is added to this—locals have practically empty accounts and the risk of being caught when you steal from our citizens is higher. This is an unspoken rule observed by large groups. The Vidar Stealer, for example, if a Russian IP address comes across, they don't even collect logs from that computer. The guys who are engaged in ransomware, also, if there are Russian IPs or language settings on the resource, then they don’t lock it.
DS: What else do you do besides YouTube and Telegram channels? How is your book selling?
SP: I have two YouTube channels—People PRO with 385,000 Russian-speaking subscribers, and a smaller channel Mother Russia Official, which is my main mouthpiece for my English-speaking audience; two Telegram channels, one is my personal one that I use as a blog, and in the second one I teach people how to make money on YouTube. My book is selling quite well on Amazon in both Russian and English languages. And I also have several businesses on the Internet: one of them is eCommerce, one is related to video bloggers, a cash-back service, and a service related to cybersecurity. And in addition to the book, I sell merchandise: T-shirts with the TOR logo.
It is unsafe for any person to be in Belarus now. For me, as for an active young man, especially with a criminal past, moreover a blogger, it is triple unsafe."
DS: Why do you live in Russia? Don't you see any potential for yourself in Belarus?
SP: It is unsafe for any person to be in Belarus now. For me, as for an active young man, especially with a criminal past, moreover a blogger, it is triple unsafe. Lukashenko is a dictator who usurped power. Who struck down all the laws. Of course, he must go, preferably to jail, and answer for all the crimes he has committed.
DS: Does the political situation in Belarus affect the IT sector, both legal and shadow?
SP: Of course, it does. And everyone is leaving Belarus. Many headquarters of large companies in the IT sector simply relocate their employees to the Baltic countries, Poland, and Ukraine.
DS: To what extent do CIS hackers cooperate with colleagues from other regions?
SP: Hackers do not cooperate with each other that much. It is difficult for them to find each other because of the language barrier. All the groups that had been around, hacking or carding, were local, they rarely had foreigners. One of the great examples of international cooperation was the Eleven Friends of Albert Gonzalez.
DS: Tell me a secret.
SP: One of my first big carding purchases (almost $1,500) was an electric bass guitar made in South Korea, which was later purchased by the bassist of the well-known Belarusian band “Bez Bileta” for $300. And he still doesn’t know that he came into contact with the world of carders.
Mission-driven and Russian-speaking intelligence analyst with type A personality. Dmitry has twenty years of experience and expertise in cybercrime activity that includes being a former member of an elite Russian-based hacking organization.