“PopeyeTools” Dismantled: Justice Department Seizes Cybercrime Marketplace and Charges Administrators
In a significant operation targeting cybercriminal infrastructure, the U.S. Department of Justice announced the seizure of PopeyeTools, an illicit online marketplace specializing in the sale of stolen credit cards, bank account credentials, and tools used to facilitate cybercrime, including ransomware attacks. Three individuals alleged to be the administrators of the platform – Abdul Ghaffar, Abdul Sami, and Javed Mirza – have been charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person for the purposes of offering access devices.
Operating since 2016, PopeyeTools functioned as a sophisticated platform where cybercriminals could obtain compromised financial data and tools to conduct illicit activities. The marketplace boasted a global reach, impacting an estimated 227,000 individuals and generating at least $1.7 million in illicit proceeds.
“As alleged, Ghaffar, Sami, and Mirza founded and ran a longstanding online marketplace that sold illicit goods and services for use in committing cybercrimes, including ransomware attacks and financial frauds,” stated Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Today’s announcement of the takedown of the PopeyeTools domains, the criminal charges against its operators, and the seizure of cryptocurrency is yet another example of the department’s ‘all-tools’ approach to combatting cybercrime.”
This operation involved extensive collaboration between the FBI, the Justice Department’s Office of International Affairs, and law enforcement agencies in the United Kingdom and Malaysia. “Dismantling the infrastructure of cyber criminals and seizing their funds are key aspects of the FBI’s cyber strategy,” affirmed Assistant Director Bryan Vorndran of the FBI’s Cyber Division.
If convicted, Ghaffar, Sami, and Mirza each face a maximum penalty of 10 years in prison for each of the three access device offenses.
