A global law-enforcement sting has brought down a credit-card fraud ring, the largest coordinated international action levied against "carders," criminals who traffic in stolen and fraudulent credit cards and personal financial information.
The sting, carried out over two years, resulted in the arrests yesterday (June 26) of 11 people in the U.S., as well as 13 alleged criminals in seven foreign countries.
According to complaints unsealed in a federal court in Manhattan yesterday, overseas arrests were made in the United Kingdom, Bosnia, Bulgaria, Norway, Germany, Italy and Japan. Four other suspects remained at large.
In a Department of Justice press statement, U.S. Attorney Preet Bharara outlined the specifics of the sting, which began in June 2010, when the FBI established an undercover online carding forum, called "Carder Profit." On the forum, members discussed topics related to credit-card fraud and offered to buy, sell and trade carding tools and services.
Carder Profit was built to allow the FBI to monitor and record the discussion threads and private messages and trace them back to specific IP addresses, and the program gave agents details they needed to track down the alleged criminals. The FBI kept the forum open until last month.
In the course of the two-year sting, officials said, the FBI alerted targeted individuals and banks, preventing an estimated loss of more than $205 million. The FBI also notified credit-card providers of more than 411,000 compromised credit and debit cards, and told 47 companies, government organizations and educational institutions of breaches on their networks.
"The coordinated law-enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries," Bharara said. "Clever computer criminals operating behind the supposed veil of the Internet are still subject to the longer arm of the law."
Agents in Australia, Canada, Denmark and Macedonia also conducted interviews and executed search warrants.
The 11 people arrested in the U.S. include Mir Islam, 18, also known as "JoshTheGod." Islam, accused of possessing information for more than 50,000 credit cards, claimed to be a member of " UGNazi," an Anonymous-affiliated hacking group that took credit for last week's Twitter outage.
Twitter said the outage was due to a technical issue. The FBI seized the Web server for UGNazi.com.
Another suspect, Michael Hogue, 21, known as "xVisceral," sold remote access malware to other carders, officials said. One of the tools, called "Hogue's RAT" (for "remote access tool"), sold for $50 and enabled the user to spy on victims through their Web cams and by recording keystrokes.
Another alleged carder, Jarand Romtveit, 25, who went by "zer0," allegedly used hacking tools to steal info from the internal databases of banks and online retailers. In February, in exchange for a laptop, he sold credit-card information to someone he thought was a carder but was actually an undercover FBI agent.