International Cyber Crime Takedown Said to Be Largest of Its Kind

A two-year undercover operation today netted two dozen arrests in eight countries in what federal authorities say is the largest coordinated international takedown  in history directed at those who traffic stolen financial data through online forums. The investigation uncovered 411,000 compromised credit and debit cards and saved an estimated $205 million in economic losses. Additionally, 47 companies, government entitites and educational institutions were notified their networks had been breached.

A two-year undercover operation today netted two dozen arrests in eight countries in what federal authorities say is the largest coordinated international takedown  in history directed at those who traffic stolen financial data through online forums. The investigation uncovered 411,000 compromised credit and debit cards and saved an estimated $205 million in economic losses. Additionally, 47 companies, government entitites and educational institutions were notified their networks had been breached.

The arrests were the result of an undercover “carding forum” the FBI established in June 2010 to try and find cybercriminals and prevent harm to victims. The bogus site restricted members to those with established knowledge or interest in exploiting stolen cards. New users required two established members to vouch for them or pay a lump-sum fee to join.

Federal agents  monitored discussion threads and private messages sent through the site between registered users.

They also recorded registered users’  IP addresses as they engaged in the sale of hacked victim account information, personal identification information, hacking tools, drop services, and other illegal activity. The site was taken down in May 2012.

“The allegations unsealed today chronicle a breathtaking spectrum of cyber schemes and scams,” said New York U.S. Attorney Preet Bharara in a statement. “As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people. As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software-enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera. To expose and prosecute individuals like the alleged cyber criminals charged today will continue to require exactly the kind of coordinated response and international cooperation that made today’s arrests possible.”

The 13 charged in the United States were located throughout the country. Two other minors also were charged but not named. Eleven others were arrested in the United Kingdom (6 arrests), Bosnia (2), and one each in Bulgaria, Norway and Germany. Two others – one arrested in Italy and another in Japan — also were arrested on provisional warrants originating in a southern New York U.S. District Court.

Among the U.S. charges outlined in a U.S. Justice Department news release:

  • Michael Hogue (a.k.a. “xVisceral”), 21, of Tucson, Ariz. offered remote access tools for $50 a copy that Hogue boasted had infected “thousands” of computers in the United States, Canada, Germany, Denmark, Poland and possibly other countries.  
  • Jarand Moen Romtveit (“zer0”), 25, of Norway who used hacking tools to steal information from the internal databases of a bank, a hotel, and various online retailers, and then sold the information to others. In February 2012, he unwittingly swapped stolen credit card information for a laptop computer belonging to an undercover FBI agent.  
  • Mir Islam (“JoshTheGod”), 18, of Bronx, N.Y. possessed information for more than 50,000 stolen credit cards. Islam claimed to be a member of the hacking group UGNazi and this week delivered a batch of counterfeit credit cards to an undercover FBI agent posing as a fellow carder. Federal authorities pulled offline the sites UGNazi.com and Carders.org as part of the bust.  
  • Steven Hansen (“theboner1”), 23, who is serving a prison term in Kentucky, and Alex Hatala (“kool+kake”), 19, of Jacksonville, Fla., sold stolen credit card data. Hatala told fellow carders he received “fresh” credit card data daily from hacking databases worldwide.  
  • Ali Hassan (“Badoo”) 22, of Italy sold full credit card data including cardholder name, address, Social Security number, birthdate, mother’s maiden name, and bank account information. Hassan claimed to have obtained at least some of them by having breaking into an online hotel booking site.  
  • Joshua Hicks (“OxideDox”), 19 of Bronx, N.Y., and Lee Jason Jeusheng (“iAlert”), 23, of Japan each sold “dumps,” which is a term used by carders to refer to stolen credit card data in a form in which the data is stored on the magnetic strips on the backs of credit cards. Hicks was highlighted by news outlets for selling 15 credit card dumps for a camera and $250 cash. An FBI agent he sold the data later linked him to Hicks’ Facebook account. Jeusheng sold 119 credit card dumps in return for three iPad 2s to an undercover FBI agent. Jeusheng provided his shipping address in Japan to the undercover agent, which in part led to his identification and arrest.  
  • Mark Caparelli (“Cubby”), 20, of San Diego engaged in a scheme using stolen credit cards and social engineering skills to fraudulently obtain replacement products from Apple Inc., which he then resold for profit.”The scheme involved Caparelli obtaining serial numbers of Apple products he had not bought. He would then call Apple with the serial number, claim the product was defective, arrange for a replacement product to be sent to an address he designated, and give Apple a stolen credit card number to charge if he failed to return the purportedly defective product. Caparelli sold and shipped four iPhone 4 cell phones that he had stolen through the Apple call-in scheme to an individual whom he believed to be a fellow-carder, but who, in fact, was an undercover FBI agent.”  
  •  Sean Harper (a.k.a. “Kabraxis314”), 23, of Albuquerque, N.M., and Peter Ketchum (“iwearaMAGNUM”), 21, of Pittsfield, Mass., each sold drop services to other carders in return for money or carded merchandise. Harper provided drop addresses in his hometown to which co-conspirators sent expensive electronics, jewelry, and clothing, among other things. Ketchum advertised drop locations “spread across multiple cities” in the United States and allegedly received and shipped carded merchandise including sunglasses, air purifiers and synthetic marijuana.  
  • Christian Cangeopol (“404myth”), 19, of Lawrenceville, Ga., used stolen credit card information and fake credentials at a Walmart store to obtain Apple electronic devices with stolen credit cards. Cangeopol and a co-conspirator also used stolen credit card data to order electronic devices on Walmart’s Web site and ship them to various Walmart stores in Georgia, where the pair resold the electronics and split the proceeds.  

Suggested articles

Google For First Time Reports FBI Non-Warrant Requests for User Data

Google today revealed – if in vague terms – it last year received less than 1,000 “national Security letters” from federal authorities seeking financial and communications data on up to almost 2,000 individuals. The disclosure of such government requests marks a first for a major Internet service provider.

Three Charged with Creating, Distributing Gozi Banking Malware

Charges will be brought today in the U.S. District Court for the Southern District of New York against three men allegedly involved with creating and distributing the Gozi banking Trojan. Gozi infected more than a million computers worldwide, including a handful at NASA, leading to tens of millions of dollars in lost banking funds and damages to computer systems and networks.