Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Identity theft: The Shadowcrew case

Shadowcrew's crime, and how to protect yourself against it
Security Strategies Alert By M. E. Kabay , Network World , 01/22/2008
Sign up for this newsletter now!

In my last column in this series on identity theft, I introduced some statistical resources about the problem. Today I'll begin discussing some of the nasty techniques used for identity theft and how to defend against them.

Stealing physical credit cards and creating fake ones are part of the criminal technique called “carding.” One of the significant recent successful investigations and prosecutions of an international credit-card fraud ring began with the U.S. Secret Service's Operation Firewall in late 2004. The investigators discovered an network of over 4,000 members communicating through the Internet and conspiring to use phishing, spamming, forged identity documents (e.g., fake driver’s licenses), creation of fake plastic credit cards, resale of gift cards bought with fake credit cards, fencing of stolen goods via eBay, and interstate or international funds transfers using electronic money such as E-Gold and Web Money.

In October 2004, the Department of Justice indicted 19 of the leaders of Shadowcrew; by November 2005, 12 of them had already pleaded guilty to charges of conspiracy and trafficking in stolen credit card numbers with losses of more than $4 million. 

In February 2006, Shadowcrew leader Kenneth J. Flury, 41, of Cleveland, Ohio, was sentenced to 32 months in prison with three years of supervised release and $300,000 in restitution to Citibank. In June 2006, co-founder Andrew Mantovani, 24, of Scottsdale, Ariz., was fined $5,000 and also received 32 months of prison with three years of supervised release. Five other indicted Shadowcrew criminals were sentenced with him. By that time, a total of 18 of 28 indicted suspects had already pleaded guilty

One of the lessons we teach our “Cyberlaw & Cybercrime” students at Norwich University is that everyone with a credit card ought to check their statement immediately upon receiving it.

Every line should be recognizable; if it is not, call your credit-card company to find out what a particular charge is for and where it was charged. Tell your company to freeze your card account if there is any question of its having been compromised. Write down the details of every conversation with the credit-card company employees (date, time, name of employee, case number) in case you need evidence to clear your own name.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Save The Date!
What They Are Saying

Intel...I guarantee you will never ever see a customer using Wimax the way it was laid out by Intel 6...- Anonymous

Join the Discussion