NEW YORK — At least 24 people were arrested in the United States and abroad in a US-led sting operation targeting cyber criminals buying and selling stolen credit card information, officials said Tuesday.
“Operation Card Shop” targeted “sophisticated, highly organized cyber criminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents, and sophisticated hacking tools,” FBI’s assistant New York director-in-charge Janice Fedarcyk said.
The case involved law enforcement agencies in Britain, Australia, Bosnia, Bulgaria, Denmark, Canada, France, Germany, Italy, Japan, Macedonia and Norway, officials said.
US Attorney Preet Bharara said the probe uncovered “a breathtaking spectrum of cyber schemes and scams.”
Those accused in the scheme, he said “sold credit cards by the thousands and took the private information of untold numbers of people… the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera.”
The two-year operation began in June 2010, when the FBI established an undercover “carding forum,” aimed at mimicking the sites operated by criminals to buy and sell account numbers, or trade other information.
The site called “Carder Profit” was configured to allow the FBI to monitor and to record the discussion threads and private messages, and to track those using the site through their IP addresses.
Because the FBI was able to warn those affected by compromised accounts, the operation “prevented estimated potential economic losses of more than $205 million, notified credit card providers of over 411,000 compromised credit and debit cards, and notified 47 companies, government entities, and educational institutions of the breach of their networks,” a statement by prosecutors said.
Eleven people were arrested in the United States and 13 others arrested overseas, in seven different countries, a statement by prosecutors said.
Six people were arrested in Britain, two in Bosnia, and one each in Bulgaria, Norway and Germany on charges in those countries.
Two others were detained in Italy and Japan on warrants arrested in foreign countries based on provisional arrest warrants obtained in connection with complaints in New York.
“As the cyber threat grows more international, the response must be increasingly global and forceful,” Bharara said.
“The coordinated law enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries.”
Of the 11 held in the United States, two are minors.
One of those arrested, Mir Islam, who uses the name “JoshTheGod,” claimed to be a member of UGNazi, a group that has claimed credit for numerous recent online hack attacks, and a founder of Carders.Org, a carding forum on the Internet. Officials said he had information for more than 50,000 credit cards.
As a result of the operation, the FBI seized the web server for UGNazi.com, and seized the domain name of Carders.org, taking both sites offline.
In a separate, unrelated development, a security report Tuesday said a wave of cyber attacks has likely stolen at least $80 million from bank accounts in Europe.
The joint report by Guardian Analytics and McAfee said “Operation High Roller” was led by criminals attacking cloud-based servers in a global fraud campaign.
The report from the two US firms said the attacks tried to steal between $75 million and $2.5 billion (60 million to two billion euros) from at least 60 banks worldwide.