26
Jun 12

‘Carderprofit’ Forum Sting Nets 26 Arrests

facebooktwittergoogle_plusredditpinterestlinkedinmail

The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of 26 people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of “UGNazi,” a malicious hacking group that has claimed responsibility for a flood of recent attacks on Internet businesses.

The carding forum Carderprofit.cc was an FBI sting operation.

Federal officials are calling the operation the largest coordinated international law enforcement action in history directed at “carding” crimes, in which the Internet is used to traffic in and exploit the stolen credit card, bank account and other personal information of hundreds of thousands of victims.

According to documents released by the Justice Department, the sting — dubbed “Operation Card Shop” — began in June 2010, when the FBI established an undercover carding forum called “CarderProfit” (carderprofit.cc) to identify users who were buying and selling stolen credit card accounts and goods purchased with stolen accounts.

The FBI kept track of Internet addresses used by forum members, and used members’ login information to gather additional information about registered users. The agency tightened the noose in May 2012, when it began imposing new membership requirements to restrict site membership to individuals with established knowledge of carding techniques or interest in criminal activity.

“For example, at times, new users were prevented from joining the site unless they were recommended by two existing users who had registered with the site, or unless they paid a registration fee,” the government said in a statement about today’s arrests. “New users registering with the [undercover] site were required to provide a valid e- mail address as part of the registration process. The e-mail addresses entered by registered members of the site were collected by the FBI.”

Carderprofit.cc as it appears now.

Meanwhile, the feds were collecting stolen credit and debit card accounts that were being traded by forum members, and feeding the information back to issuing banks. The Justice Department said it contacted affected financial institutions regarding more than 411,000 compromised credit and debit cards, and notified 47 companies, government entities, and educational institutions of the breach of their networks.

Eleven of those arrested were living in the United States, including a Bronx, New York man named Mir Islam, who authorities allege also was known online as “JoshTheGod.” The government says that Islam trafficked in stolen credit card information and possessed information for more than 50,000 credit cards. The Justice Department also alleges that Islam held himself out as a member of “UGNazi,” a hacking group that has claimed credit for numerous recent online hacks, and as a founder of carders.org, another carding forum. In tandem with the arrests, the FBI seized the server for UGNazi.com and the carders.org domain name, taking both sites offline.

JoshTheGod’s Twitter feed, warning about carderprofit on Apr. 5, 2012

Complaints unsealed today allege that on Monday night, Islam met in Manhattan with an individual he believed to be a fellow carder — but who in fact was an undercover FBI agent — to accept delivery of what he believed were counterfeit credit cards encoded with stolen credit card information. He was arrested after he allegedly attempted to withdraw illicit proceeds from an ATM using one of the cards.

Another individual named in the complaints unsealed today was Mark Caparelli, a hacker who allegedly went by the nickname “Cubby,” and engaged in a so-called “Apple call-in” scheme, in which which he used stolen credit cards and social engineering skills to fraudulently obtain replacement products from Apple, Inc., which he then  resold for profit. According to the government, the scheme involved the defendant obtaining serial numbers of Apple products he had not in fact bought . He would then call Apple with the serial number, claim the product was defective, arrange for a replacement product to be sent  to an address he designated , and give Apple a stolen credit card number to charge if he failed to return the purportedly defective product.

Tags: , , , , , ,

21 comments

  1. Tango down.

  2. Love it! I’ve been following these Ugnazi idiots for a while now. The Jester was right!

  3. Well done. Very modest press release. If it was the “largest bust” and so successful, why only 411K numbers and 26 arrests? Seems small for an underground site and the “largest” of anything. Just sayin….I’m coming back to bed Edgar, don’t worry.

  4. It seems clear from busts like this – as well as the book “Kingpin” – that most of these guys practice ludicrously bad security on their own hook.

    They appear to rely on the fact that unless you’re dealing in amounts of fraud which exceed the Federal investigation limit – variously reported as $10,000, $40,000 or even $100,000 – you’re unlikely to be the target of a serious investigation.

    Then of course once their business expands to that level, they’re surprised to find that their previous poor security comes back to bite them.

    In perspective, however, so the FBI spent a small fortune nailing 24 guys who are responsible for what, a few million in losses tops? Meanwhile computer crime is alleged to be a $600 billion business. (I suspect that figure is massively inflated, however, to justify law enforcement budgets now that it’s clear law enforcement can do ZILCH about the former “Big Bad” – drugs).

    So this bust is a drop in the bucket… Most of these guys look like “low hanging fruit”, as well.

    • Well to be fair the world’s police forces do more than zilch regarding illicit drugs.

      According to the UK’s elite SOCA police unit, the combined UK police forces, widely regarded as the world’s best, manage to intercept around 1% of all heroin shipments across UK borders.

      OK, maybe I see your point ;)

      I guess one has to hope this isn’t an inflated figure lol

      It’s hard to imagine any other area where this would be acceptable. Can you imagine if the clear up rate for say home burglaries, car theft or murder was 1%?

      • Well, burglary is a bad example, since it’s only a bit better. according to one site I found as of 2002:

        “The burglary clearance rate has remained consistently low, with an average of 14 percent in the United States and 23 percent in Britain. Rural agencies typically clear a slightly higher percentage of burglaries. The clearance rate for burglary is lower than that for any other serious offense.”

        Murder is a better example, because most murders are committed by someone known to the victim which massively reduces the suspect pool. This is why serial killers are such bad news – they don’t fit that profile.

        Note that rural burglaries get cleared up easier in that quote above – same reason, very reduced suspect pool.

        Compare that to cybercrime, where your attacker can be anyone anywhere on the planet. It’s next to hopeless – unless he’s an idiot, like these guys arrested today…

        Fortunately most criminals are idiots. The problem with cybercrime, though, is that the average intelligence of a cybercriminal almost by definition has to be at least a bit higher than that of your usual burglar or drug dealer in order to master the technology involved.

        Guys like those charged today are still probably HACKING FROM HOME! As they said in “Hackers”, “That’s universally stupid, man!”

    • Very true. They were doxed long ago – they’re so bad at hiding, it’s like they did it on purpose. This guy even sent JoshTheGod a birthday card before he hit 18: check it out https://twitter.com/#!/Le_Researcher

    • @Richard:

      Actually the FBI will not investigate any electronic theft lower than $5000. They told me that when I entered my case. They do like for victims to enter their data into the FBI reporting site, so they can gather data for the eventual arrest of such criminals.

      This case may seem petty to some posters here, but if busting the crooks is as easy as the original crime, why not do such things during pauses in more important cases? You know these agents aren’t exactly tearing their hair out 24 hours a day.

  5. “Federal officials are calling the operation the largest coordinated international law enforcement action in history.”

    Federal officials seems slightly inaccurate, but “UGNazi” member most likely made it large, but defiantly not largest.

  6. I’m wondering if they’d planned on shutting their sting board down so soon, or if they would have kept it up and luring people for a longer time if UGNazi/JoshTheGod weren’t suddenly so high profile.

  7. It’s surprising no one saw it coming! Brand new, never heard of carding forum? Already seems suspicious. I watch where I card. ;)

  8. I’m almost sure this is a honeypot running as a Tor hidden service, but if it’s not, I’d appreciate it were some authorities to look into it.

    This is a tinyurl shortcut to the Tor hidden service, you must have Tor installed to visit it:

    http://www.tinyurl.com/hackbbonion

    It’s a discussion forum.

    There’s a LOT of chatter on that hidden service about CC’s and more. Please, someone in a TLA/LEA investigate the site.

    Thank you

  9. so the FBI was running an illegal carding shop for over a year. I’m not sure if this is a good thing.
    Here in Germany our Police has very steep requirements, before they can even think about doing something illegal.
    And imho this is a good thing.
    Its a sensitive line to cross, becoming criminal, too hunt criminals.
    I know its a common trope in many hollywood flicks, but i like my reality less creepy. ;)

    • As far as I’m concerned, it is okay until it becomes an operation like Eric Holder’s “Fast-and-Furious”, when agents get killed as a result of sloppy police work. Then I can see why such things should be avoided. But mostly it is sloppy work that should be avoided, at all costs – IMO.

  10. About time someone took down those attention whores. Whats the odds the “UGNazi” guys were informants? They sure acted like them…

    • Most of the criminals I’ve run into are so brazen, their braggadocio is of unheralded proportions. ]:)

  11. There’s one more bigger fraudulent site : MadTrade.org
    they are involved in many fraudulent activities like Stolen Credit Cards Sell, Fake Docs, Passport Making, Apple & Ebay thievery and many similar stuffs like that!
    This site also needs a proper treatment!

  12. Ahaha, HF kiddies getting into 1337hax.

  13. Thanks, good news.