What is Joker’s Stash?
Joker’s Stash (jstash) originated in October 2014 as a credit card shop but has grown into the defacto underground platform not only for credit cards but also for other personal information like social security numbers (SSNs). Not only is it one of the largest but also the most professional: Regular high-volume customers receive dedicated support and are able to access the site via custom domains that are set up for them specifically. If the market site is up, you can find the onion link for Joker’s Stash to the right of this article.
Joker’s Stash is divided into three main sections: Dumps, cards, and SSNs. Dumps are the raw data taken from the magnetic strips of the cards (Track 2, sometimes also Track 1) while the card section has the full data associated with a credit card processed in human-readable form: card number, full name, expiration date, and CVV.
The SSN section is the latest addition where you can find personal data sets for $5 per record. You are able to search the database for the full name, date of birth, state, and city. The results will show if there are any matches and also if they are available for purchase or have already been bought. So you can also use this database to check if any specific SSNs have already been sold on Joker’s Stash. Obviously this database is also very useful for spear-phishers in that they are able to check if the record of a specific person has already been compromised.
Joker’s Stash is not a typical credit card market in that it usually offers exclusive, self-hacked dumps. This is underlined by the fact that quite often the datasets of large security breaches end up on Joker’s Stash first. This means the offered card data is unique and has not been used before (no resale of previously obtained credit card data). “This means – in our shop, you can buy only our own stuff, and our stuff you can buy only in our shop – nowhere else,” Joker’s Stash said in a post on a carding forum in October 2014.
Entry Fee
To use that site – including just browsing the database – you will have to deposit at least $20. A small amount compared to what you are receiving just by being able to browse the database. This also deters scammers and other undesired people whose aim usually is to disturb the operation. $20 is the minimum, but you are encouraged to deposit more, for advantages to that read the section titled “Benefits for VIP-Users” below.
That Joker’s Stash is running a serious operation is quite obvious: A recent analysis by Recorded Future was able to identify at least 49 dedicated servers and over 500 domains connected to Joker’s Stash. While Joker’s Stash provides clearweb domains as well, but these are usually reserved for VIP-Customers (see below).
Joker’s Stash is primarily directed towards large-volume customers. The best prices are available only if you buy in bulk (1000 or more datasets) and it is the go-to platform if you need large amounts of credit cards or PII.
Benefits for VIP-Users
As a high volume customer, the site’s support staff will go out of their way to accommodate you: Among the benefits are 24/7 support as well as dedicated domains and servers. While the report by Instinkt Group linked above identified over 500 domains it points out that this is most likely not complete; to quote from the report: “There are very likely additional domains related to this activity that are not identified in this research.”
This means that VIP-Users are able to get a clearweb domain that is not used by anyone else. Depending on your security procedures you can then access the site with a normal browser (in case TOR is momentarily not an option for you) and still not expose yourself by browsing monitored domains. These sites cannot be accessed by anyone else, they are set up for specific customers who are granted the technical means and credentials to access the website.
Additionally, VIP-Users receive advance notice of new batches of stolen cards coming up for sale, prioritized support requests and additional time for refunds on cards that came back as “declined” or closed by the issuing bank shortly after purchase.
Security Recommendations
Due to its policies, Joker’s Stash is a rather trusted platform, with a low risk of scams. But of course, the usual security recommendations apply: Stay anonymous. Use the TOR browser only and don’t use the TOR browser for any regular (non-darknet) browsing. Ideally, you have a dedicated system or at least a dedicated VM for all your darknet activities. Keep your darknet PGP keys and other credentials limited to that system only, do not mix it with any activities that would expose your identity.
Treat your dedicated system like a work-system: Only install the software necessary for your operations do not install anything for entertainment or other purposes. Subsequently, resist the urge to browse Twitter, Reddit or any other social media sites while you have downtime. For this always use your regular system.
Large datasets
With the large infrastructure in place, Joker’s Stash is also able to provide extra servers and methods of access whenever a new large breach has occurred and a run on the site (and other credit card markets) is likely to happen. And there’s a very good chance that the loot of major breaches ends up on Joker’ s Stash: On October, Brian Krebs reported about how 5 million credit cards that came from a breach of the Hy-Vee Supermarket Chain (dubbed “Solar Energy”) were sold on Joker’s Stash. Just two months later, Krebs wrote that a stash of 4 million credit card datasets – obtained from four large US-based restaurant chains – were offered for sale on the Joker’s Stash platform.
This, of course, isn’t new and wasn’t new in August. Already three years ago, Krebs reported about the rise of Joker’s Stash
Summary of Joker’s Stash
If you need credit card or SSN data, especially large amounts, Joker’s Stash should be your go-to site. Even critics and independent research agrees on that: Brian Krebs called Joker’s Stash an “elite shop” and “sprawling virtual hub” – that was in 2016 and Joker’s Stash only got bigger since then. The market can be trusted; samples taken bythe Intakt group for the Recorded Future report showed that the card data was legitimate. As always, when visiting any darknet market make sure to only use trusted links, such as the onion link for Joker’s Stash on the top right.