FBI Busts Massive International Carding Ring

Two-year, 13-country investigation results in 28 people charged with online trafficking of stolen credit card, bank account, or other personal information.

Mathew Schwartz

June 27, 2012

5 Min Read
Network Computing logo

The Justice Department announced Monday that 28 people have been charged with "carding" crimes as part of a two-year, undercover--and international--investigation dubbed Operation Card Shop. Carding refers to illegal activity involving stolen credit card, bank account, or other personal information trafficked online.

"The allegations unsealed today chronicle a breathtaking spectrum of cyber schemes and scams. As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people," said Manhattan U.S. Attorney Preet Bharara in a statement released Monday. "The defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer's personal computer camera."

In the United States, the investigation resulted in the arrests of 11 people on Monday and Tuesday, although four people named in related complaints--unsealed Tuesday in federal court--remain at large. The arrested defendants range in age from 18 to 25, although the Justice Department said that as part of the investigation, two minors--not named in the indictment--had been arrested by local authorities in Long Beach, Calif., and Sacramento, Calif.

As part of the investigation, 13 people were arrested in seven other countries as part of investigations started after the countries received information from the FBI: the United Kingdom (6 arrests), Bosnia (2), Bulgaria (1), Germany (1), and Norway (1). Meanwhile, one person was arrested in Italy, and another in Japan, as part of provisional arrest warrants obtained by the United States. In addition, the Justice Department said that "Australia, Canada, Denmark, and Macedonia conducted interviews, executed search warrants, or took other coordinated action" in support of the international investigation.

[ FBI is cracking down on cybercriminals. See Feds Bust Hacker For Selling Government Supercomputer Access. ]

"The coordinated law enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries," said Bharara.

The FBI said that it also seized Web servers for two online forums used by carders: UGNazi.com and Carders.org. Both sites are now offline, and resolve to a page that reads: "This site has been removed by the Federal Bureau of Investigation in connection with law enforcement action."

As part of the investigation, the FBI--led by its New York Cyber Crime Task Force--proactively contacted affected organizations to help them mitigate the effects of the data breaches spotted by the bureau. "In so doing, the FBI has prevented estimated potential economic losses of more than $205 million, notified credit card providers of over 411,000 compromised credit and debit cards, and notified 47 companies, government entities, and educational institutions of the breach of their networks," according to the Justice Department.

The complaints read as a primer to carding practices, including attack techniques and the functioning of the carding economy. For example, the complaints accuse Michael Hogue (a.k.a., "xVisceral") of selling malware, including remote access tools, to remotely control exploited PCs. "Hogue's RAT, for example, enabled the user to turn on the Web camera on victims' computers and spy on them, and to record every keystroke of the victim-computer's user," according to the complaints. "If the victim visited a banking website and entered his or her user name and password, the key logging program could record that information, which could then be used to access the victim's bank account." Authorities said Hogue typically sold his RAT software for $50 per copy.

Also charged was Jarand Moen Romtveit (a.k.a., "zer0") for using "hacking tools to steal information from the internal databases of a bank, a hotel, and various online retailers," and then selling the data to others, according to the complaint. It also noted that "in February 2012, in return for a laptop computer, Romtveit sold credit card information to an individual he believed to be a fellow carder, but who in fact was an undercover FBI agent."

Meanwhile, authorities charged Mir Islam (a.k.a. "JoshTheGod") with selling information relating to more than 50,000 credit cards. Authorities said Islam was a self-professed member of the UGNazi hacking group, which the FBI said "has claimed credit for numerous recent online hacks," as well as a founder of the online carding forum "Carders.org."

The FBI said it arrested Islam Monday night, after an undercover agent--posing as a fellow carder--delivered what had been billed as counterfeit credit cards loaded with stolen credit card data. "Islam was placed under arrest after he attempted to withdraw illicit proceeds from an ATM using one of the cards," said the bureau.

Beyond detailing those attack techniques, the complaints also abound with carding terminology, such as the practice of selling "fulls"--"full credit card data including cardholder name, address, social security number, birth date, mother's maiden name, and bank account information," as well as selling "CVVs," referring to "credit card data that includes the name, address, and zip code of the card holder, along with the card number, expiration date, and security code printed on the card." Meanwhile, the complaints also charged two people with selling "dumps," which refers to "stolen credit card data in a form in which the data is stored on the magnetic strips on the backs of credit cards."

As part of the investigation, the FBI also busted two men on charges of selling "drop" services to carders, defined in the complaints as "addresses with which they have no association, such as vacant houses or apartments, where carded goods can be shipped and retrieved without leaving evidence of their involvement in the shipment." In the course of the Operation Card Shop investigation, authorities said that shipped items included high-end electronics, jewelry, clothing, sunglasses, air purifiers, and synthetic marijuana.

More than 900 IT and security professionals responded to InformationWeek’s 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)

About the Author(s)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights