FBI busts 24 in massive international online financial crime takedown

FBI says two-year sting protected more than 400,000 potential victims and prevented losses of around $205 million.

The FBI today said it directed what it called the largest coordinated international law enforcement action in its history aimed at online "carding" crimes, which typically involve stolen credit card, bank account or personal identification information of hundreds of thousands of victims around the world.

The FBI said the allegations unsealed in New York today "chronicle a breathtaking spectrum of cyber schemes and scams." As charged, the FBI said the individuals sold credit cards by the thousands and took the private information of untold numbers of people. The defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer's personal computer camera, the FBI stated.

According to the FBI, the coordinated sting operation involved 13 countries, including the United States, and resulted in 24 arrests, including the domestic arrests of 11 individuals by federal and local authorities in the United States, and the arrests of 13 individuals abroad by foreign law enforcement in seven countries. In addition, the federal and local authorities and authorities overseas today conducted more than 30 interviews and executed more than 30 search warrants. The operation was the culmination of a two-year undercover operation led by the FBI that was designed to locate cybercriminals, investigate and expose them, and disrupt their activities.

"Today's arrests cause significant disruption to the underground economy and are a stark reminder that masked IP addresses and private forums are no sanctuary for criminals and are not beyond the reach of the FBI," said FBI Assistant Director in Charge Janice K. Fedarcyk in a statement.  "From New York to Norway and Japan to Australia, Operation Card Shop targeted sophisticated, highly organized cyber criminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents, and sophisticated hacking tools."

The FBI said it hoped the operation would put more than a dent in carding schemes and carding forums around the world. Carding forums are websites used by criminals engaged in carding to facilitate their criminal activity. Carders use carding forums to, among other things, exchange information related to carding, such as information concerning hacking methods or computer-security vulnerabilities that could be used to obtain personal identification information; and to buy and sell goods and services related to carding: for example, stolen credit or debit card account numbers, hardware for creating counterfeit credit or debit cards, or goods bought with compromised credit card or debit card accounts, the FBI stated.

By way of background, the FBI said that in June 2010 the agency set up an undercover carding forum called "Carder Profit" (the "UC Site") that let users discuss various topics related to carding and communicate offers to buy, sell, and exchange goods and services related to carding, among other things.

"Since individuals engaged in these unlawful activities on one of many other carding websites on the Internet, the FBI established the UC Site in an effort to identify these cybercriminals, investigate their crimes, and prevent harm to innocent victims. The UC Site was configured to allow the FBI to monitor and to record the discussion threads posted to the site, as well as private messages sent through the site between registered users. The UC Site also allowed the FBI to record the Internet protocol (IP) addresses of users' computers when they accessed the site. The IP address is the unique number that identifies a computer on the Internet and allows information to be routed properly between computers," the FBI stated.

Access to the UC Site, which was taken offline in May 2012, was limited to registered members and required a username and password to gain entry. Various membership requirements were imposed from time to time to restrict site membership to individuals with established knowledge of carding techniques or interest in criminal activity. For example, at times, new users were prevented from joining the site unless they were recommended by two existing users who had registered with the site or unless they paid a registration fee.  New users registering with the UC Site were required to provide a valid e-mail address as part of the registration process. The e-mail addresses entered by registered members of the site were collected by the FBI.

The FBI also offered up a description of some of the suspects it busted.  It goes like this:

Michael Hogue, a/k/a "xVisceral," offered malware for sale, including remote access tools (RATs) that allowed the user to take over and remotely control the operations of an infected victim-computer. Hogue's RAT, for example, enabled the user to turn on the web camera on victims' computers to spy on them and to record every keystroke of the victim-computer's user. If the victim visited a banking website and entered his or her user name and password, the key logging program could record that information, which could then be used to access the victim's bank account. Hogue sold his RAT widely over the Internet, usually for $50 per copy and boasted that he had personally infected "50-100" computers with his RAT and that he'd sold it to others who had infected "thousands" of computers with malware. Hogue's RAT infected computers in the United States, Canada, Germany, Denmark, Poland, and possibly other countries.

Jarand Moen Romtveit, a/k/a "zer0," used hacking tools to steal information from the internal databases of a bank, a hotel, and various online retailers, and then sold the information to others. In February 2012, in return for a laptop computer, Romtveit sold credit card information to an individual he believed to be a fellow carder, but who, in fact, was an undercover FBI agent.

Mir Islam, a/k/a "JoshTheGod," trafficked in stolen credit card information and possessed information for more than 50,000 credit cards. Islam also held himself out as a member of "UGNazi," a hacking group that has claimed credit for numerous recent online hacks, and as a founder of "Carders.Org," a carding forum on the Internet. Last night, Islam met in Manhattan with an individual he believed to be a fellow carder, but who, in fact, was an undercover FBI agent, to accept delivery of what Islam believed were counterfeit credit cards encoded with stolen credit card information. Islam was placed under arrest after he attempted to withdraw illicit proceeds from an ATM using one of the cards. Today, the FBI seized the web server for UGNazi.com and seized the domain name of Carders.org, taking both sites offline.

Steven Hansen, a/k/a "theboner1," and Alex Hatala, a/k/a "kool+kake," sold stolen CVVs, a term used by carders to refer to credit card data that includes the name, address, and zip code of the card holder, along with the card number, expiration date, and security code printed on the card. Hatala advertised to fellow carders that he got "fresh" CVVs on a "daily" basis from hacking into "DBs [databases] around the world."

Ali Hassan, a/k/a "Badoo," also sold "fulls," a term used by carders to refer to full credit card data including cardholder name, address, Social Security number, birthdate, mother's maiden name, and bank account information. Hassan claimed to have obtained at least some of them by having hacked into an online hotel booking site.

Joshua Hicks, a/k/a "OxideDox," and Lee Jason Jeusheng, a/k/a "iAlert," a/k/a "Jason Kato," each sold "dumps," which is a term used by carders to refer to stolen credit card data in a form in which the data is stored on the magnetic strips on the backs of credit cards. Hicks sold 15 credit card dumps in return for a camera and $250 in cash to a fellow carder who, unbeknownst to Hicks, was an undercover FBI agent. Hicks met the undercover agent in downtown Manhattan to consummate the sale. Similarly, Jeusheng sold 119 credit card dumps in return for three iPad 2s to a carder who was an undercover FBI agent. Jeusheng provided his shipping address in Japan to the undercover agent, which in part led to his identification and arrest.

Mark Caparelli, a/k/a "Cubby," engaged in a so-called "Apple call-in" scheme in which he used stolen credit cards and social engineering skills to fraudulently obtain replacement products from Apple Inc., which he then resold for profit. The scheme involved Caparelli obtaining serial numbers of Apple products he had not bought. He would then call Apple with the serial number, claim the product was defective, arrange for a replacement product to be sent to an address he designated, and give Apple a stolen credit card number to charge if he failed to return the purportedly defective product. Caparelli sold and shipped four iPhone 4 cell phones that he had stolen through the Apple call-in scheme to an individual whom he believed to be a fellow carder, but who, in fact, was an undercover FBI agent.

Sean Harper, a/k/a "Kabraxis314," and Peter Ketchum, a/k/a "iwearaMAGNUM," each sold drop services to other carders in return for money or carded merchandise. Harper provided drop addresses in Albuquerque, New Mexico, to which co-conspirators sent expensive electronics, jewelry, and clothing, among other things. Ketchum advertised drop locations "spread across multiple cities" in the United States and allegedly received and shipped carded merchandise including sunglasses and air purifiers, as well as synthetic marijuana.

Christian Cangeopol, a/k/a "404myth," engaged in illegal "instoring" at Walmart to obtain Apple electronic devices with stolen credit cards. Instoring is a term used by carders to refer to using stolen credit card accounts to make in-store, as opposed to online, purchases of items using stolen credit card information and matching fake identifications. As part of the alleged scheme, Cangeopol and a co-conspirator used stolen credit card data to order electronic devices on Walmart's website; in selecting a delivery option, they opted to have items delivered to various Walmart stores in Georgia; Cangeopol then picked up the items using a fake identification; Cangeopol and the co-conspirator then resold the carded electronics and split the proceeds.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook
