The Justice Department Thursday announced the seizure of PopeyeTools, an illicit website and marketplace dedicated to selling stolen credit cards and other tools for carrying out cybercrime and fraud, and unsealed criminal charges against three PopeyeTools administrators: Abdul Ghaffar, 25, of Pakistan; Abdul Sami, 35, of Pakistan; and Javed Mirza, 37, of Afghanistan.
According to a criminal complaint unsealed Thursday, Ghaffar, Sami, and Mirza are charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person for the purposes of offering access devices, arising from their roles as administrators of the PopeyeTools website.
As part of the actions announced on Thursday, the United States obtained judicial authorization to seize the domains www.PopeyeTools.com, www.PopeyeTools.uk, and www.PopeyeTools.to, which long hosted and facilitated access to the PopeyeTools website.
According to the affidavit filed in support of these seizures, since in or around 2016, PopeyeTools served as a significant online marketplace dedicated to selling sensitive financial data and other illicit goods and tools of cybercrime to thousands of users around the world, including users associated with ransomware activity.
Some of the stolen information included bank account, credit card, and debit card numbers and associated information for conducting transactions. Since its inception, PopeyeTools has offered for sale the access devices and personally identifiable information (PII) of at least 227,000 individuals and generated at least $1.7 million in revenue.
As alleged, Ghaffar, Sami, and Mirza founded and ran a longstanding online marketplace that sold illicit goods and services for use in committing cybercrimes, including ransomware attacks and financial frauds, said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division.
According to court documents, the PopeyeTools marketplace’s motto was “We Believe in Quality Not Quantity,” and the website made a name for itself by allegedly selling stolen access devices and other illicit goods and services that were valid and thereby suited to committing financial fraud.
For instance, the “Live Fullz” section offered unauthorised payment card data and PII for cards that were marketed as “live” — i.e., could be used to conduct fraudulent transactions — at a price of approximately $30 per card. Other sections included “Fresh Bank Logs,” which offered logs of stolen bank account information, “Fresh Leads” or email spam lists, “Scam pages,” and “Guides and Tutorials.”
To attract members to the marketplace, PopeyeTools allegedly promised to refund or replace purchased credit cards that were no longer valid at the time of sale. In addition, at different times, PopeyeTools provided customers with access to services that could be used to check the validity of bank account, credit card, or debit card numbers offered through the website.
As part of the actions announced on Thursday, the United States also obtained judicial authorisation to seize approximately $283,000 worth of cryptocurrencies from a cryptocurrency account controlled by Sami.
If convicted, Ghaffar, Sami, and Mirza face a maximum penalty of 10 years in prison on each of the three access device offenses. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
