U.S. law enforcement officials on Tuesday said 24 suspected hackers had been arrested on four continents in a sting operation targeting online financial fraud involving stolen credit card and bank information.
The two-year investigation, in which FBI agents posed as hackers on Internet forums, prevented more than $205 million in losses on more than 411,000 compromised consumer credit and debit cards, U.S. authorities in New York said.
Eleven people were arrested in the United States, the FBI and the Manhattan U.S. Attorney's Office said. The 13 others were arrested in countries spanning from Britain to Japan, the authorities said.
"Clever computer criminals operating behind the supposed veil of the Internet are still subject to the long arm of the law," Manhattan U.S. Attorney Preet Bharara said.
Two people were arrested in the New York area, the authorities said, and were expected to appear in Manhattan federal court later on Tuesday. A person familiar with the matter said earlier on Tuesday that three people have been arrested in the New York area.
One of the men, Mir Islam, known online as "JoshTheGod," was charged with trafficking in 50,000 stolen credit card numbers. Authorities said Islam had admitted to helping emerging hacker outfit UgNazi, which said it had launched a cyber attack against the microblogging platform Twitter last week.
A lawyer for Islam did not immediately respond to a request for comment on the charges.
Joshua Hicks, also known as "OxideDox," was charged with one count of access device fraud in a criminal complaint unsealed on Tuesday.
The 24 people arrested were all men and ranged from 18 to 25-years old. Some face up to 40-years or more in prison if convicted on conspiracy to commit wire fraud charges and access device fraud charges.
The FBI operation centered around a "carding forum" that it had secretly created in June 2010, and was in charge of running unbeknownst to its participants, authorities said.
The forum, called "Carder Profit," was essentially an online market for registered users to exchange stolen account numbers. It was shut down in May.
Meanwhile on Tuesday, the U.S. Federal Trade Commission filed a complaint against Wyndham Worldwide Corp. and three subsidiaries, alleging that the hotel operator failed to secure customer data.
That failure resulted in the theft of hundreds of thousands of consumer payment card numbers, which were sent to an Internet address registered in Russia, and $10.6 million in fraudulent charges, according to the complaint.
The cases are U.S. v Joshua Hicks and U.S. v. Mir Islam, U.S. District Court for the Southern District of New York, No 12-1639, 12-1701.