At least 24 people were arrested in the United States and abroad in a US-led sting operation targeting cyber criminals buying and selling stolen credit card information, officials said Tuesday.
US Attorney Preet Bharara said the probe uncovered “a breathtaking spectrum of cyber schemes and scams” spread across the United States, Canada and 11 other countries in Europe and Asia.
“Operation Card Shop” targeted “sophisticated, highly organized cyber criminals” involved in selling stolen identities and credit cards along with fake documents and sophisticated hacking tools, the FBI’s assistant New York chief Janice Fedarcyk said.
The officials said the two-year operation began in June 2010, when the FBI established an undercover “carding forum,” aimed at mimicking websites operated by criminals to buy and sell information such as account numbers.
The FBI site called “Carder Profit” was configured to allow US agents to record discussion threads and private messages, and to track those using the site through their IP addresses.
Because the FBI was able to warn those affected by compromised accounts, the operation “prevented estimated potential economic losses of more than $205 million,” a statement by prosecutors said.
The FBI was also able to notify the credit card providers of more than 411,000 compromised credit and debit cards, and 47 companies, government entities, and educational institutions that their networks had been breached.
Eleven people were arrested in the United States and 13 others arrested overseas, in seven different countries, the prosecutors’ statement added.
Six people were arrested in Britain, two in Bosnia, and one each in Bulgaria, Norway and Germany on charges in those countries.
Two others were arrested Tuesday in Italy and Japan based on provisional warrants obtained by the United States in connection with charges unsealed in New York.
Bharara said those accused in the scheme “sold credit cards by the thousands and took the private information of untold numbers of people,” while offering “every stripe of malware and virus to fellow fraudsters.”
“As the cyber threat grows more international, the response must be increasingly global and forceful,” said Bharara, who is the US federal attorney for the Southern District of New York.
“The coordinated law enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries,” he said.
Law enforcement agencies in Britain, Australia, Bosnia, Bulgaria, Denmark, Canada, France, Germany, Italy, Japan, Macedonia and Norway took part in the investigation, the US officials said.
Of the 11 held in the United States, two are minors.
One of those arrested, Mir Islam, who uses the name “JoshTheGod,” claimed to be a member of UGNazi, a group that has claimed credit for numerous recent online hack attacks, and a founder of Carders.Org, a carding forum on the Internet. Officials said he had information for more than 50,000 credit cards.
The FBI said it seized the web server for UGNazi.com, and seized the domain name of Carders.org, taking both sites offline.
In a separate development, a security report Tuesday said a wave of cyber attacks has likely stolen at least $80 million from bank accounts in Europe.
The joint report by Guardian Analytics and McAfee said “Operation High Roller” was led by criminals attacking cloud-based servers in a global fraud campaign.
The report from the two US firms said the attacks tried to steal between $75 million and $2.5 billion (60 million to two billion euros) from at least 60 banks worldwide.