2-Year Sting Nets FBI Dozens of Suspected Cybercrooks
The FBI has made a series of arrests targeting suspected online fraudsters who allegedly used technological tricks to rip off victims via their credit cards. The federal sting involved setting up online chat rooms where suspected cybercrooks could swap pointers and best practices -- all while being secretly monitored by law enforcement.
06/27/12 10:53 AM PT
The U.S. Federal Bureau of Investigation has arrested dozens of alleged cybercriminals in an international sting to crack down on Internet fraudsters.
The arrests were the result of a two-year global sting operation conducted by the FBI and designed to nab hackers in "carding" crimes, in which perpetrators steal credit card or other personal information via the Internet and then conduct fraudulent transactions.
As part of the bust, called "Operation Card Shop," undercover FBI agents created an online forum called "Carder Profit," where hackers could communicate and exchange hacking tips or services in what they thought was a secure space. To maintain the appearances that it was a safe site, the FBI would impose certain restrictions to joining, such as registration fees or requiring that a new member be invited by two existing users.
Through Carder Profit, agents were able to gain information from hackers, monitor their communication and obtain the IP and e-mail addresses of the suspected cybercriminals. The FBI shut down the site last month.
Using the information from Carder Profit, the FBI arrested 24 individuals in 13 countries on Tuesday. Domestic authorities nabbed suspects in states including New York, California and Florida, while foreign law enforcement officers picked up alleged hackers in the United Kingdom, Bosnia, Bulgaria, Norway and Germany.
The FBI declined to provide further details.
New Ways to Scam
Many of the individuals arrested are suspected to have engaged in several types of Internet crimes. One, Michael Hogue, who went by the name "xVisceral," sold malware for $50 a copy that would allow the virus user to take over and control a victim's computer, according to authorities. He allegedly boasted that his sales had led to "thousands" of computer infections.
Two others, Joshua Hicks, or "OxideDox," and Lee Jason Jeusheng, or "iAlert," are suspected of selling "dumps." Carders use the term "dumps" when referring to stolen credit card data that is stored on magnetic strips on the back of credit cards. The two sold dumps in exchange for cash, a camera and iPads to undercover FBI agents in Manhattan, officials said.
Others were arrested for crimes such as using stolen credit cards to fraudulently obtain replacement Apple products to resell for profit or selling full credit card data obtained from hacking into an online hotel booking site. One suspect allegedly offered to ship stolen products and arrange drop sites for products such as sunglasses, air purifiers and synthetic marijuana.
Cracking Down on Online Crime
The federal sting underscored the growing threat of worldwide cybercrime activity as more people use online payment and banking options, Kevin Smith, an attorney specializing in criminal law, told the E-Commerce Times.
"While such carding schemes are relatively new, and thus the precedents for sentences are not as voluminous as in the child porn and other Internet crime scenarios, it is in essence merely a variation on the ages-old theme of fraud, and so the judge will have precedent to choose from," he said.
The high-profile federal arrests could also serve as a warning to other cybercriminals, said Smith. A two-year undercover sting operation is no small undertaking, he said -- proof that law enforcement is taking Internet fraud very seriously.
"These crimes differ from more salacious Internet crimes like child porn or online solicitation of a minor in that they are less fettered by mandatory minimum sentences and public scorn," said Smith. "But these arrests nonetheless signal that the government takes them just as seriously, when you consider the amount of resources that undoubtedly went into an international investigation, apprehension, and prosecution of this sort."
Although the law may focus on fighting fraudulent online activity, the Web will most likely never be eradicated of cybercriminals, said Mark Bower, vice president of Voltage Security. He offered tips for consumers.
"Never send unencrypted credit or debit card data in an e-mail, always encrypt your e-mail if it's necessary to do this," he told the E-Commerce Times. "Ensure your system is free of malware and viruses by being up-to-date with antivirus and spyware scans."
Above all, he warned to trust your instincts -- if something seems suspicious, it probably is.