The American government has announced a $10 million bounty for information leading to the arrest or conviction of a 43-year-old Russian man named Denis Kulkov, who allegedly made millions of dollars from his cybercrime service, Try2Check. Kulkov’s service was one of the most trusted resources on the dark web for checking the validity of stolen credit card data. Launched in 2005, Try2Check quickly became known for its reliability and efficiency, boasting over one million transactions per month, at the cost of only 20 cents per transaction. The site became the official card-checking platform for some of the most bustling crime bazaars, including Vault Market, Unicc, and Joker’s Stash.
The service was designed to minimise the number of inactive cards being used by cybercriminals who purchased stolen credit card data from the underground market. Customers who utilized the shop’s built-in (but a-la-carte) card checking service from Try2Check could expect automatic refunds on any cards that were found to be inactive or canceled at the time of purchase.
On Wednesday, 3 May 2022, Try2Check’s websites were replaced with a domain seizure notice from the US Secret Service and Department of Justice. Prosecutors in the Eastern District of New York unsealed an indictment and search warrant naming Denis Gennadievich Kulkov, of Samara, Russia as the proprietor of Try2Check. This announcement was made after US authorities found Kulkov had made at least $18 million and had used the funds to purchase luxury items, including a Ferrari, a Land Rover, and other expensive vehicles. The US Department of State announced the $10 million reward for information leading to Kulkov’s capture or conviction alongside the announcement of his indictment.
Denis Kulkov is known in the cybercrime industry by the handle ‘Nordex’. He first advertised his service to users on the underground Russian cybercrime forum, Mazafaka. Cyber intelligence firm Constella linked the email address polkas@bk.ru to Kulkov and discovered he used it to register an account with the username “Nordex” at Bankir.com. Records also show that a Nordex registered with the username “Polkas” was created from the same internet address in Samara, Russia. This account had the same date of birth as Nordex but a different email address: nordia@yandex.ru. Law enforcement officers were able to link the address to Anna Denis, believed to be Kulkov’s wife. Authorities were able to identify Kulkov through a wealth of personal information tied to a cryptocurrency exchange that he had used.
Like many other top cybercriminals based in Russia or in countries with favourable relations to the Kremlin, the proprietor of Try2Check linked to a real-life identity. This vulnerability has allowed authorities to identify and capture a significant number of cybercriminals.
However, the challenge for western law enforcement is not necessarily identifying the criminals but finding ways to bring them to justice. Russia generally extends protection to domestic cybercriminals who do not harm Russian companies or consumers, or interfere with state interests. Consequently, it is incredibly challenging to capture high-value suspects when they leave Russia’s protection.
The situation in Ukraine has provided an opportunity for law enforcement to apprehend many of these criminals. Cybercriminal gangs that straddled Russia and Ukraine were forced to reevaluate several comrades working for The Other Side following the conflict. As a result, many cybercriminals who operated with impunity in the region chose to flee. Mark Sokolovsky, the operator of the popular “Raccoon” malware-as-a-service offering, was apprehended in March 2022 after fleeing Ukraine’s mandatory military service orders. Vyacheslav “Tank” Penchukov, a senior Ukrainian member of a transnational cybercrime group that stole tens of millions of dollars over nearly a decade from countless hacked businesses, was arrested after leaving Ukraine to meet up with his wife in Switzerland.
The indictment and search warrant against Kulkov show that cybercrime is a multimillion-dollar industry. As the demand for cybercrime services increases, there is a growing need for specialised cybersecurity experts to combat these criminals and protect vulnerable internet users.