From DFI News
A two-Year FBI Undercover “Carding” Operation Protected Over 400,000 Potential Cyber Crime Victims and Prevented Over $205 Million in Losses.
Preet Bharara, the United States Attorney for the Southern District of New York, and Janice K. Fedarcyk, the Assistant Director-in-Charge of the New York Field Office of the Federal Bureau of Investigation, have announced the largest coordinated international law enforcement action in history directed at “carding” crimes — offenses in which the Internet is used to traffic in and exploit the stolen credit card, bank account and other personal identification information of hundreds of thousands of victims globally. The coordinated action — involving 13 countries including the United States — resulted in 24 arrests, including the domestic arrests of 11 individuals by federal and local authorities in the United States, and the arrests of 13 individuals abroad by foreign law enforcement in seven countries. In addition, the federal and local authorities, and authorities overseas, conducted more than 30 subject interviews, and executed more than 30 search warrants. The coordinated actions result from a two-year undercover operation led by the FBI that was designed to locate cybercriminals, investigate and expose them and disrupt their activities.
Eleven individuals were arrested in the United States. In addition, two minors were arrested. Two of those arrested will be presented before a magistrate judge in the Southern District of New York. The other federally arrested defendants will be presented before magistrate judges in the corresponding federal districts of arrest.
Another 13 individuals were arrested in seven foreign countries. Eleven of those individuals were arrested as a result of investigations commenced in foreign jurisdictions based in part on information arising out of the undercover operation and provided by the FBI to foreign law enforcement. Those 11 arrests occurred in: the United Kingdom (6 arrests), Bosnia (2), Bulgaria (1), Norway (1), and Germany (1). Two additional defendants were arrested in foreign countries based on provisional arrest warrants obtained by the United States in connection with Complaints unsealed in the Southern District of New York. Australia, Canada, Denmark and Macedonia conducted interviews, executed search warrants or took other coordinated action in connection with the takedown.
Charges were also unsealed in the Southern District of New York against four additional defendants who remain at large.
Manhattan U.S. Attorney Preet Bharara said, “As the cyber threat grows more international, the response must be increasingly global and forceful. The coordinated law enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries. Clever computer criminals operating behind the supposed veil of the Internet are still subject to the long arm of the law.
The allegations unsealed chronicle a breathtaking spectrum of cyber schemes and scams. As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people. As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer's personal computer camera. To expose and prosecute individuals like the alleged cyber-criminals charged today will continue to require exactly the kind of coordinated response and international cooperation that made today’s arrests possible.”
FBI Assistant Director-in-Charge Janice Fedarcyk said, “From New York to Norway and Japan to Australia, Operation Card Shop targeted sophisticated, highly organized cyber criminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents, and sophisticated hacking tools. Spanning four continents, the two-year undercover FBI investigation is the latest example of our commitment to rooting out rampant criminal behavior on the Internet.
Cyber crooks trade contraband and advance their schemes online with impunity, and they will only be stopped by law enforcement’s continued vigilance and cooperation. The arrests cause significant disruption to the underground economy and are a stark reminder that masked IP addresses and private forums are no sanctuary for criminals and are not beyond the reach of the FBI.”
The following allegations are based on the Complaints unsealed in Manhattan federal court:
Background on “Carding” Crimes
“Carding” refers to various criminal activities associated with stealing personal identification information and financial information belonging to other individuals — including the account information associated with credit cards, bank cards, debit cards, or other access devices — and using that information to obtain money, goods, or services without the victims’ authorization or consent. For example, a criminal might gain unauthorized access to (or “hack”) a database maintained on a computer server and steal credit card numbers and other personal information stored in that database. The criminal can then use the stolen information to, among other things: buy goods or services online; manufacture counterfeit credit cards by encoding them with the stolen account information; manufacture false identification documents (which can be used in turn to facilitate fraudulent purchases); or sell the stolen information to others who intend to use it for criminal purposes. “Carding” refers to the foregoing criminal activity generally and encompasses a variety of federal offenses, including, but not limited to, identification document fraud, aggravated identity theft, access device fraud, computer hacking and wire fraud.
“Carding forums” are websites used by criminals engaged in carding (“carders”) to facilitate their criminal activity. Carders use carding forums to, among other things: exchange information related to carding, such as information concerning hacking methods or computer-security vulnerabilities that could be used to obtain personal identification information; and to buy and sell goods and services related to carding, for example, stolen credit or debit card account numbers, hardware for creating counterfeit credit or debit cards, or goods bought with compromised credit card or debit card accounts. Carding forums often permit users to post public messages — postings that can be viewed by all users of the site — sometimes referred to as “threads.” For example, a user who has stolen credit card numbers may post a public “thread” offering to sell the numbers. Carding forums also often permit users to communicate one-to-one through so-called “private messages.” Because carding forums are, in essence, marketplaces for illegal activities, access is typically restricted to avoid law enforcement surveillance. Typically, a prospective user seeking to join a carding forum can only do so if other, already established users “vouch” for him or her, or if he or she pays a sum of money to the operators of the carding forum. User accounts are typically identified by a username and access is restricted by password. Users of carding forums typically identify themselves on such forums using aliases or online nicknames (“nics”).
Individuals who use stolen credit card information to purchase goods on the Internet are typically reluctant to ship the goods to their own home addresses, for fear that law enforcement could easily trace the purchases. Accordingly, carders often seek out “drop addresses” — addresses with which they have no association, such as vacant houses or apartments, where carded goods can be shipped and retrieved without leaving evidence of their involvement in the shipment.
Background on the Undercover Operation
In June 2010, the FBI established an undercover carding forum, called “Carder Profit” (the “UC Site”), enabling users to discuss various topics related to carding and to communicate offers to buy, sell, and exchange goods and services related to carding, among other things. Since individuals engaged in these unlawful activities on one of many other carding websites on the Internet, the FBI established the UC Site in an effort to identify these cybercriminals, investigate their crimes, and prevent harm to innocent victims. The UC Site was configured to allow the FBI to monitor and to record the discussion threads posted to the site, as well as private messages sent through the site between registered users. The UC Site also allowed the FBI to record the Internet protocol (“IP”) addresses of users’ computers when they accessed the site. The IP address is the unique number that identifies a computer on the Internet and allows information to be routed properly between computers.
Access to the UC Site, which was taken offline in May 2012, was limited to registered members and required a username and password to gain entry. Various membership requirements were imposed from time to time to restrict site membership to individuals with established knowledge of carding techniques or interest in criminal activity. For example, at times, new users were prevented from joining the site unless they were recommended by two existing users who had registered with the site, or unless they paid a registration fee.
New users registering with the UC Site were required to provide a valid e-mail address as part of the registration process. The e-mail addresses entered by registered members of the site were collected by the FBI.
Harm Prevented By the Undercover Operation
In the course of the undercover operation, the FBI contacted multiple affected institutions and/or individuals to advise them of discovered breaches in order to enable them to take appropriate responsive and protective measures. In so doing, the FBI has prevented estimated potential economic losses of more than $205 million, notified credit card providers of over 411,000 compromised credit and debit cards, and notified 47 companies, government entities, and educational institutions of the breach of their networks.
The Charged Conduct
As alleged in the Complaints unsealed in the Southern District of New York, the defendants are charged with engaging in a variety of online carding offenses, in which they sought to profit through, among other means, the sale of hacked victim account information, personal identification information, hacking tools, “drop” services and other services that could facilitate carding activity.
Comments