The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of 26 people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of “UGNazi,” a malicious hacking group that has claimed responsibility for a flood of recent attacks on Internet businesses.
Federal officials are calling the operation the largest coordinated international law enforcement action in history directed at “carding” crimes, in which the Internet is used to traffic in and exploit the stolen credit card, bank account and other personal information of hundreds of thousands of victims.
According to documents released by the Justice Department, the sting — dubbed “Operation Card Shop” — began in June 2010, when the FBI established an undercover carding forum called “CarderProfit” (carderprofit.cc) to identify users who were buying and selling stolen credit card accounts and goods purchased with stolen accounts.
The FBI kept track of Internet addresses used by forum members, and used members’ login information to gather additional information about registered users. The agency tightened the noose in May 2012, when it began imposing new membership requirements to restrict site membership to individuals with established knowledge of carding techniques or interest in criminal activity.
“For example, at times, new users were prevented from joining the site unless they were recommended by two existing users who had registered with the site, or unless they paid a registration fee,” the government said in a statement about today’s arrests. “New users registering with the [undercover] site were required to provide a valid e- mail address as part of the registration process. The e-mail addresses entered by registered members of the site were collected by the FBI.”
Meanwhile, the feds were collecting stolen credit and debit card accounts that were being traded by forum members, and feeding the information back to issuing banks. The Justice Department said it contacted affected financial institutions regarding more than 411,000 compromised credit and debit cards, and notified 47 companies, government entities, and educational institutions of the breach of their networks.
Eleven of those arrested were living in the United States, including a Bronx, New York man named Mir Islam, who authorities allege also was known online as “JoshTheGod.” The government says that Islam trafficked in stolen credit card information and possessed information for more than 50,000 credit cards. The Justice Department also alleges that Islam held himself out as a member of “UGNazi,” a hacking group that has claimed credit for numerous recent online hacks, and as a founder of carders.org, another carding forum. In tandem with the arrests, the FBI seized the server for UGNazi.com and the carders.org domain name, taking both sites offline.
Complaints unsealed today allege that on Monday night, Islam met in Manhattan with an individual he believed to be a fellow carder — but who in fact was an undercover FBI agent — to accept delivery of what he believed were counterfeit credit cards encoded with stolen credit card information. He was arrested after he allegedly attempted to withdraw illicit proceeds from an ATM using one of the cards.
Another individual named in the complaints unsealed today was Mark Caparelli, a hacker who allegedly went by the nickname “Cubby,” and engaged in a so-called “Apple call-in” scheme, in which which he used stolen credit cards and social engineering skills to fraudulently obtain replacement products from Apple, Inc., which he then resold for profit. According to the government, the scheme involved the defendant obtaining serial numbers of Apple products he had not in fact bought . He would then call Apple with the serial number, claim the product was defective, arrange for a replacement product to be sent to an address he designated , and give Apple a stolen credit card number to charge if he failed to return the purportedly defective product.