Something interesting I read this week. A rapper got his account frozen by his bank, now he’s suing them.
Didn’t see that one coming.
Here’s Krebs’ post on it.
https://krebsonsecurity.com/2024/08/cybercrime-rapper-sues-bank-over-fraud-investigation/
Some Background
For some context, this activity was first reported back in January.
A rapper was making music videos about committing various forms of cybercrime and fraud, and teaching viewers how to do it.
Part of the operation is shops selling stolen payment cards and identity data, including logins to financial accounts.
Here is a snapshot of the activity from the Telegram channel
These kinds of sites work by giving buyers logins in exchange for an agreed-upon sum (usually in crypto). The logins can come from compromised accounts that were bought in bulk, or from accounts involved in SIM swaps.
In a nutshell, the more eyes to his music the more potential buyers to the data.
On June 26, Plaintiff Devon Turner filed a pro se lawsuit against PNC Bank, alleging “unlawful discriminatory and tortuous action” after he was denied a wire transfer in the amount of $75,000.
This is where things don’t check out. From the letter, there’s no self-disclosure of anything that took place before the account was frozen by PNC. Just that it was “due to suspicious activity”.
Then comes the data points that don’t look good for the Plaintiff.
For starters, he’s been shown in music videos wearing a card skimmer covered in diamonds, and with song titles like “Chase Login” and “Wire Fraud Tutorial”, it doesn’t look too promising for this guy.
The Lawsuit
Now on to the lawsuit. As shown in the below image, the owner of Punchmade Records LLC is Devon Turner. This turns out to be the assumed name of OBN Group LLC, the actual business name.
Another interesting point is that the email obndevpayments@gmail[.]com was used to register the domain foreverpunchmade[.]com, and later punchmade[.]cc. This email? He used it in the lawsuit letter. The phone number he used in the lawsuit was also associated with the purchase of these two domains.
Some simple whois lookups reveal more:
~ % whois foreverpunchmade.com | grep Date
Updated Date: 2024-06-14T04:23:41Z
Creation Date: 2021-12-30T22:39:44Z
Registry Expiry Date: 2025-12-30T22:39:44Z
~ % whois punchmade.cc | grep Date
Updated Date: 2024-06-24T09:38:14Z
Creation Date: 2023-09-14T00:07:41Z
Registry Expiry Date: 2024-09-14T00:07:41Z
Newly registered or newly updated domains are suspicious by nature, and this is a data point used in the cybersecurity community.
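As an added example (not from the original post or from Krebs’ reporting), here is one way to turn the whois dates above into domain-age signals. The 30-day windows, the signal names, and the 2024-06-26 evaluation date are assumptions chosen for illustration.

```python
from datetime import datetime, timezone

# Constructed input: the two `whois ... | grep Date` outputs from the post.
WHOIS_OUTPUT = {
    "foreverpunchmade.com": """\
Updated Date: 2024-06-14T04:23:41Z
Creation Date: 2021-12-30T22:39:44Z
Registry Expiry Date: 2025-12-30T22:39:44Z
""",
    "punchmade.cc": """\
Updated Date: 2024-06-24T09:38:14Z
Creation Date: 2023-09-14T00:07:41Z
Registry Expiry Date: 2024-09-14T00:07:41Z
""",
}

# Assumptions (not from the post): 30-day windows, evaluated as of 2024-06-26.
NEW_DAYS = 30
UPDATED_DAYS = 30
AS_OF = datetime(2024, 6, 26, tzinfo=timezone.utc)


def parse_dates(text):
    """Map 'Creation Date', 'Updated Date', ... to timezone-aware datetimes."""
    dates = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().endswith("Date"):
            stamp = value.strip().replace("Z", "+00:00")
            try:
                dates[key.strip()] = datetime.fromisoformat(stamp)
            except ValueError:
                continue  # registries vary; skip formats we cannot parse
    return dates


def age_signals(text, as_of=AS_OF):
    """Return the age-based signals a WHOIS record raises at time `as_of`."""
    dates = parse_dates(text)
    created, updated = dates.get("Creation Date"), dates.get("Updated Date")
    signals = []
    if created is None:
        signals.append("no-creation-date")  # redacted or unparsed record
    elif (as_of - created).days < NEW_DAYS:
        signals.append("newly-registered")
    if updated is not None and 0 <= (as_of - updated).days < UPDATED_DAYS:
        signals.append("recently-updated")
    return signals
```

With these assumed windows, both domains raise only the recently-updated signal as of 2024-06-26; neither is newly registered at that point.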
As you can imagine, they have declined multiple requests to comment for the story.
This backs up the notion that most fraudsters are not actually that sophisticated. Covering your tracks and providing some minimal misdirection is expected, but not always done in practice.
Wrapping Up
Could it be the best troll performance in the Cybercrime rap scene? (If that was even a thing)
Or is the curtain closing on Punchmade Dev? (From bars to actual bars)
Maybe this is what modern day script kiddies look like. Guess we’ll find out.