Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

Stolen Payment Card Trafficking Mastermind Pleads Guilty

Aleksey Burkov's 'Cardplanet' Site Sold Card Data, Prosecutors Say
Stolen Payment Card Trafficking Mastermind Pleads Guilty

Aleksey Burkov, a Russian national who was extradited to the U.S. from Israel in November, pleaded guilty Thursday to federal charges related to owning and operating a site called "Cardplanet," which trafficked in stolen payment card data, according to the Justice Department.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Burkov, 29, pleaded guilty to charges that included access device fraud; conspiracy to commit computer intrusion, identity theft, wire and access device fraud; and money laundering. He faces a maximum of 15 years in federal prison when he's sentenced on May 8, according to the U.S. Attorney's Office for the Eastern District of Virginia, which is overseeing the case.

Burkov will remain in federal custody until his sentencing, federal prosecutors say. His court appointed attorney, Gregory Stambaugh, declined to comment.

Between 2009 and 2013, the Cardplanet site trafficked in more than 150,000 stolen credit and debit cards, mainly issued through U.S. banks and financial institutions, according to the federal indictment. Prosecutors estimate that more than $20 million in fraudulent purchases were made using those cards.

Cardplanet ceased operations in 2013, and Burkov remained a fugitive until he crossed over from Egypt into Israel in 2015 and was arrested by Israeli police. He remained in custody there until November, when authorities extradited him to the U.S. to face charges in Virginia (see: Russian National Charged in Payment Card Scheme).

How Cardplanet Worked

Between 2009 and 2013, Burkov, who is described in court documents as an IT specialist from Saint Petersburg, Russia, built and operated the Cardplanet site, which trafficked payment card data that included the account holder's name, account number, card verification value number and expiration date, federal prosecutors say.

The site acted as a clearinghouse, with cybercriminals buying and selling this stolen information, according to the federal indictment. Burkov advertised the Cardplanet services on underground forums, especially Russian-language sites. The site was hosted on a server located in Virginia, according to the indictment.

Depending on where the cards were issued, as well as the personal information of the cardholder, the data could sell for between $2.50 and $60 for each card, according to the indictment. Burkov, who paid close attention to customer service for clients, also allegedly developed a "checker," which could validate the stolen credentials for buyers. And the site even offered a refund policy if the stolen cards didn't work, prosecutors say.

In most cases, cybercriminals used the stolen data to make purchases from stores and online e-commerce sites, resulting in about $20 million in fraudulent purchases over four years, according to the indictment. Because the Cardplanet site operated before the popularity of bitcoin, Burkov accepted payments using other digital currencies, such as Liberty Reserve or WebMoney, as well as conventional payments from Western Union, according to the indictment.

'Direct Connection'

In addition to Cardplanet, Burkov and several other unnamed co-conspirators operated other underground forums for "elite" cybercriminals, according to court documents.

Unlike Cardplanet, which was public-facing, one of these secondary sites, called "Direct Connection," operated in secret, prosecutors say. To gain membership into this cybercrime forum, prospective members needed three existing members to "vouch" for their reputation among other cybercriminals; they also had to pay about $5,000 as “insurance,” according to the indictment.

Once accepted, members of Direct Connection could then use the forum to help plan other crimes, buy services or exchange information with other cybercriminals, the court documents show.

"The purpose of the Direct Connection was to allow elite cybercriminals to meet in a secure location where they would have access to other elite and trusted co-conspirators and where they could plan and assist in cybercrimes, including the advertisement, purchase, and sale of stolen goods and illegal services," according to the court papers.

Burkov and others also created forums inside the Direct Connection site where cybercriminals could comment and exchange information, according to the court papers. The topics ranged from news, to the buying and selling of stolen credit cards, to how criminals could look up Social Security numbers and dates of birth, prosecutors say.

International Intrigue

The long-running case against Bukov also involved on-again and off-again negotiations between the U.S., Israel and Russia (see: 'Soviet Tactics': Russia Tries Prisoner Swap for Hacker).

Before the U.S. indictment against Burkov was unsealed in November, news reports from Israel described how Russian officials attempted to swap Israeli-American citizen Naama Issachar, 26, who is being held in Russia on marijuana possession charges, for Bukov, who had been detained in Israel since 2015.

Russian officials, according to news media reports, wanted Burkov to return home to face different criminal charges there. After a long court battle that started in 2015, the Israeli government signed extradition papers in November to send Burkov to the U.S. to face the charges, according to news reports.

On Friday, the Jerusalem Post reported that Issachar is still being held in Russia although she may be released if she files for a pardon with the Russian government.

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.