Last updated at Thu, 21 Apr 2022 20:01:03 GMT
At the end of May 2018 (only a few months ago), there was a major site takedown that shook the dark web world. This site was Altenen.com, a major carding site where hackers bought and sold fraud tactics.
A carding site is a website where hackers sell credit card fraud methods or fraud services. They can either sell stolen cards that were probably leaked in a data breach, or provide methods to generate card numbers, then check their validity and balance.
In the aftermath, a number of new carding sites have come and gone, but one has emerged as the potential replacement, with its daily user count quickly rising. Here’s our recap of the Altenen takedown and thoughts on where threat hunters should shift their focus for finding new threats and fraud tactics.
Altenen background and history
Altenen was known in the hacking community as one of the biggest carding sites, along with bitshacking.com, club2crd.cc, and ccc.mn, which aren’t far behind in terms of their reputation. Israeli authorities have estimated that Altenen led to fraud for over 20 thousand cards, resulting in $31 million in money laundering.
In the dark web world, it is difficult to develop a good reputation, especially when it comes to illegal services. So, when one of the dominant players falls, everyone looks to see who will inherit the throne. Since Altenen was shut down, we’ve been monitoring to see which site will emerge as the new favorite.
We didn't find many hackers talking about a new carding service replacing Altenen; rather, they were talking about other sites with the same name and the same design. It seemed that the management team was trying to leverage its established name and credibility rather than open a new brand.
In parallel, many scammers took advantage of this situation and opened their own sites using Altenen's brand, which over time appeared to be fake. The promotion for a new Altenen site was everywhere – on YouTube videos, comments on other hacking forums, and even posts on paste sites. Many of the fake sites didn’t last long and were shut down shortly after they were discovered.
For a while, it felt a bit like musical chairs, where many new sites with the same name and purpose surfaced, and we were just waiting for the music to stop to see which would be the last one standing. However, one site has appeared to emerge as the new favorite and replacement: Altenen.nz.
Altenen.nz: The new carding site king
Altenen.nz appears to be the heir to Altenen.com’s throne. It has the same design and seems to be running the same services as the old one. The forums appear to be active and carry information that is updated with the latest news. However, it does not appear to contain the same content as the old site. This means that they didn’t clone their old site, but rather started everything from scratch. This raises the question of whether the site is being operated by the same team or an entirely different one.
Altenen.nz has a counter on its homepage showing the number of daily users visiting the site, which amounts to over 2,000 daily users, 600 of which are members, at the time of writing. These statistics were also verified on trusted web statistic sites, which also show an increase of about 1,000 unique daily users.
However, the original site’s previous traffic amounted to around 20,000 daily visitors. We assume this decrease is not only because of the takedown, but also because many hackers aren’t satisfied with the current site’s functionality, especially with the decrease in information published on it. It will be interesting to continue monitoring the site to see if it will regain its previous success and outlast some of its competitors.
Illegal sites like Altenen can be very fragile, tending to come and go frequently and without warning. Whenever a major site gets taken down, new alternatives will likely rise in the aftermath. If you’re a threat hunter, it’s important to stay on top of which sites are taken down and which new ones surface so you can continue to hunt threats and threat actors where they are spending their time.