FBI cyber sting breaks massive international ‘carding’ operation
An intricate, two-year FBI Internet undercover operation that lured alleged cyber thieves to a fake Website netted two dozen arrests of hackers in eight countries in what the agency said is one of the largest coordinated international law enforcement actions in history directed at “carding” crimes.
The operation, said the FBI, potentially saved legitimate credit card customers over $200 million and protected over 400,000 potential victims.
“Carding” crimes traffic in and exploit stolen credit card, bank account and other personal identification information of hundreds of thousands of victims globally, said the FBI.
The agency’s sting Web site operated something like familiar legitimate auction sites, only selling malware and stolen credit card information and was populated by alleged criminals, according to the FBI. The range of nefarious products offered up for sale on the site not only included credit card information, but a range of malware that could be used in a wide range of illegal electronic activities. For instance, one seller, Michael Hogue, a/k/a “xVisceral,” allegedly offered remote access tools (RATs) that could be used to spy on computers and Web camera. It could be used to log a victim’s computer keyboard strokes to steal bank account access information and passwords.
Another man was accused of selling “fulls,” which is a full package of stolen personal identification and credit card information cardholder name, address, Social Security number, birth date, mother’s maiden name, and bank account information.
The coordinated action involving 13 countries, including the U.S., resulted in 24 arrests, including 11 people by U.S. federal and local authorities. Thirteen people in seven other countries were arrested by foreign law authorities.
In the U.S., authorities arrested Christian Cangeopol, a/k/a “404myth,” was arrested today in Lawrenceville, GA; Mark Caparelli, a/k/a “Cubby,” was arrested in San Diego; Sean Harper, a/k/a “Kabraxis314,” was arrested in Albuquerque, N.M; Alex Hatala, a/k/a “kool+kake,” was arrested in Jacksonville, FL; Joshua Hicks, a/k/a “OxideDox,” was arrested in Bronx, NY; Michael Hogue, a/k/a “xVisceral,” was arrested in Tucson, AZ; Mir Islam, a/k/a “JoshTheGod,” was arrested in Manhattan; Peter Ketchum, a/k/a “IwearaMAGNUM,” was arrested in Pittsfield, MA; Steven Hansen, a/k/a “theboner1,” was arrested in Wisconsin, where he is currently serving a prison sentence on state charges.
Two minors, whom the FBI didn’t name, were arrested in Long Beach and Sacramento, CA.
Internationally, arrests were made in Bosnia, Bulgaria, Germany, Italy, Japan, Norway, and the U.K., according to the FBI. Charges were also unsealed in New York against four additional defendants who remain at large.
“The allegations unsealed today chronicle a breathtaking spectrum of cyber schemes and scams,” said Manhattan U.S. Attorney Preet Bharara in a June 26 statement. “As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people. As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software-enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera. To expose and prosecute individuals like the alleged cyber criminals charged today will continue to require exactly the kind of coordinated response and international cooperation that made today’s arrests possible.”
In June 2010, the FBI established an undercover carding forum called “Carder Profit” that allowed users to discuss carding crime and to communicate offers to buy, sell, and exchange goods and services related to carding, among other things. The FBI said the site offered a viable way into the world of carding since the people engaged in the activities were used to such sites. It said the site also offered a way to shield potential victims of the alleged crimes. The UC Site was configured to allow the FBI to monitor and to record the discussion threads posted to the site, as well as private messages sent through the site between registered users. The site also allowed the FBI to record the Internet protocol (IP) addresses of users’ computers when they accessed the site. The IP address is the unique number that identifies a computer on the Internet and allows information to be routed properly between computers.
Access to the UC Site, which was taken offline in May, was limited to registered members and required a username and password to gain entry, said the agency. Various membership requirements were imposed from time to time to restrict site membership to individuals with established knowledge of carding techniques or interest in criminal activity. For example, at times, new users were prevented from joining the site unless they were recommended by two existing users who had registered with the site or unless they paid a registration fee.
New users registering with the UC Site were required to provide a valid e-mail address as part of the registration process. The e-mail addresses entered by registered members of the site were collected by the FBI.
Those charged in the operation face between five and 20 years in prison if convicted, according to the FBI.
http://www.GregoryDEvans.com, http://www.Locatepc.net, http://stolencomputeralert.com, http://computersecurityexpert.net, http://www.hackerforhireusa.com, http://www.GregoryDEvans.net, AmIHackerProof.com, http://ParentSecurityOnline.com, http://TheCyberWars.com, http://hiphopsecurity.com, http://HackerForHireinternational.com, http://www.computersecurityguru.com, http://computer-security-expert.com