The U.S. has seized the cybercrime website ‘PopeyeTools’ and unsealed charges against three of its administrators, Abdul Ghaffar, Abdul Sami, and Javed Mirza, for selling stolen data.

Apart from the seizure of multiple domains associated with the cybercrime platform, the authorities have also confiscated $283,000 worth of cryptocurrency linked to illicit operations.

PopeyeTools was a clearnet marketplace dedicated to facilitating cybercrime by selling stolen financial and personal data, along with tools for conducting fraud and cyberattacks.

Launched in 2016, the platform served as a hub for thousands of users worldwide, including those involved in ransomware activities and other sophisticated cybercrimes.

According to the authorities, PopeyeTools generated an estimated revenue of $1,700,000 through the sale of personal and financial information of at least 227,000 individuals.

The services offered in the marketplace include:

• Bundles of unauthorized payment card data and personally identifiable information (PII), marketed as “live” and valid for fraudulent transactions, priced around $30 per card.
• Logs of stolen bank account details for fraudulent access.
• Spam email lists for phishing or marketing scams.
• Templates for websites used in scam operations.
• Educational materials for carrying out financial fraud and other cybercrimes.
• Tools to verify the validity of stolen credit card, debit card, and bank account data offered on the marketplace.

The platform also offered refund policies and replacements for purchased data found not to be working, striving to maintain a high level of customer service to attract and retain users.

Today, the authorities announced the seizure of the PopeyeTools.com, PopeyeTools.uk, and PopeyeTools.to domains, with the latter being the latest hosting the cybercrime platform.

Visitors to these URLs will now see the following banner, warning them that information on the platform’s members is now in the hands of law enforcement investigators.

Administrators charged

The three suspected administrators, Ghaffar, 25, from Pakistan, Sami, 35, from Pakistan, and Mirza, 37, from Afghanistan, are accused of operating PopeyeTools.

The three face charges of conspiracy to commit access device fraud, trafficking access devices, and solicitation for the purpose of offering access devices.

If convicted, each charge carries a maximum penalty of 10 years in prison. However, no arrests have been made at this time, and it’s unclear where the suspects reside and if an extradition can be requested.

Nonetheless, approximately $283,000 worth of cryptocurrency linked to Abdul Sami has been seized.