Federal authorities said Tuesday they arrested 24 individuals in a massive international law enforcement effort targeting online credit card fraud and other financial cybercrime.
Eleven of the suspects were arrested in the U.S.; the rest were arrested in seven foreign countries, including the United Kingdom and Bulgaria. In all, 13 countries were involved in the cybercrime sting.
“The allegations unsealed today chronicle a breathtaking spectrum of cyber schemes and scams,” Preet Bharara, U.S. attorney for the Southern District of New York, said in a statement. “As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people. As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera.”
In June 2010, the FBI set up an undercover carding operation – called “Carder Profit” – to target cybercriminals engaged in online financial fraud. The site was configured to allow the FBI to monitor and record discussion threads as well as the IP addresses of users when they accessed the site.
The FBI said it prevented estimated losses of more than $205 million during the undercover operation by contacting many affected institutions and individuals. The agency notified credit card providers of more than 411,000 compromised credit and debit cards.
Among those arrested in the U.S. included Mir Islam, also known as “JoshTheGod,” who allegedly trafficked in stolen credit card information and claimed to be a member of the Underground Nazi Hacktivist Group (UGNazi) and a founder of Carders.org. Authorities said he was arrested in Manhattan Monday night after meeting with a person he thought was bringing him counterfeit credit cards but was actually an undercover FBI agent. Islam was arrested after he tried to withdraw money from an ATM using one of the counterfeit cards. The FBI said it seized the Web server for UGNazi.com and the domain name of Carders.org, taking both sites offline.
Last week, a hacker claiming affiliation with UGNazi said the group was responsible for Thursday’s two-hour Twitter outage, but Twitter denied the allegation. UGNazi has claimed responsibility for several politically and socially motivated attacks against Google, BP, Comcast, and last month’s CloudFlare security breach.
Another suspect in Tuesday’s carding crackdown, Michael Hogue, allegedly offered malware for sale, including a program that recorded keystrokes and allowed the user to turn on the Web camera on a victim’s computer to spy on the person.
Others arrested are involved in a variety of crimes, including hacking into corporate databases and selling the information, selling stolen credit card data, and using stolen credit cards to receive Apple replacement parts fraudulently.