RESCATOR, also known as Helkern or Ikaikki, is a well-known Ukrainian hacker and top member of the now-defunct Russian underground forum, Lampeduza.la. Rescator reportedly specializes in the trading of stolen credit card details, and is, in fact, believed to be one of the most high-profile dealers currently on the Internet.
According to Group-IB, Russia’s leading agency in cyber security intelligence, Rescator dominates the stolen credit card industry and has uploaded more than 5 million sets of stolen credit card credentials to an online carding forum known as SWIPED, between the years 2013 and 2014.
Apart from running his trade on SWIPED (of which he is not the owner), Rescator is also believed to operate multiple darknet markets for stolen credit card data at the following websites:
Supposedly, he set up one or more of these websites when Lampeduza.la was infiltrated by Russian law enforcement. These websites are unique in that they allow registered users to search for stolen credit card data by zip code, so that the data can be cashed out (or monetized) more locally to their victim to avoid alerting banks. Unlike major marketplaces like Tor Carding Forums (TCF), the Rescator websites are free to use and only accept Bitcoin payments without escrow. This means that once funds are released, no disputes or reimbursements will be entertained.
Rescator in American and Popular Culture
It is worth mentioning that “Rescator” is the namesake of a pirate-like character in the Angélique series of French historical fiction books. The character, in many ways, is a contemporary depiction of antagonists and villains, in which unlawful acts and behavior are justified by a sense of morale. Ten of the Angélique works have been revised for an English audience, and five of them have been made into popular films.
The influence of Rescator, the hacker, is just as far-reaching. He has a presence, or has otherwise been seen trading, on carding forums like cpro.su and vor.cc. But the stolen credit card details from the likes of Home Depot and Sally Beauty Holdings—both American enterprises—have landed on his own websites, adding to his fanfare and notoriety. In March 2014, one of his sites was the target of cyber vandalism which donned a hateful message alongside Will Smith’s “Men in Black” music video.
According to an extensive study conducted by American journalist and investigative reporter Brian Krebs, Rescator was also responsible for the 2013 electronic point of sale (POS) attack which compromised the credit card details of as many as 70 million people who frequently shopped at Target, a United States discount retailer. In this attack, the word “Rescator” was included as a signature in the source code of Kaptoxa, the memory-scraping malware program used to gain access to Target’s point of sale systems and steal its payment data.
Brian Krebs also believes that a Ukrainian man by the name of Andrey Hodirevski may be the true identity of the hacker known as Rescator. He came to this conclusion by tracking Rescator’s online post history and website registration information, and used this data to compose a “picture” of his life. Krebs claims to have come across pictures of Andrey Hodirevski that were similar to pictures of Rescator that had been uploaded to a variety of hacking forums. Nonetheless, it has yet to be proven that Andrey Hodirevski is indeed Rescator, leaving the real-life identity of the young hacker shrouded in mystery.