Attacks/Breaches
10/10/2011
12:21 PM
Connect Directly
RSS
E-Mail
50%
50%

111 Arrested In Identity Theft Probe

One of the biggest identity theft and credit card fraud cases in history has generated millions of dollars in losses to date, prosecutors said.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Authorities on Friday announced the arrest of 111 people in what they're calling the biggest identity theft bust in U.S. history.

"This is by far the largest--and certainly among the most sophisticated--identity theft/credit card fraud cases that law enforcement has come across," said Richard A. Brown, the district attorney of Queens, N.Y., in a statement announcing the arrests.

"Many of the defendants ... are accused of going on nationwide shopping sprees, staying at five-star hotels, renting luxury automobiles and private jets, and purchasing tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry with forged credit cards that contained the account information of unsuspecting consumers," said Brown.

[The smart money treats data breaches as a 'when' not an 'if,' proposition Is your data breach response ready for primetime?]

Authorities said that the investigation--dubbed "Operation Swiper"--began in 2009, and grew to involve not just physical surveillance, but also "court-authorized electronic eavesdropping on dozens of different telephones in which thousands of conversations were intercepted--many of which required translation from Russian, Mandarin, and Arabic to English."

Prosecutors said the arrests involved five different identity theft and credit-card-forgery rings, operating for a year and a half out of Queens County, in New York City, but with ties to Europe, Asia, Africa, and the Middle East. So far, more than 90 of the defendants have been charged with corruption under New York's Organized Crime Control Act. Other charges included identity theft and robbery. Notably, five people were charged with stealing cargo worth $95,000 from Kennedy Airport, and seven were accused of stealing computer equipment worth at least $850,000 from the Citigroup Building in Long Island City.

According to the indictments, the criminal rings fraudulently obtained credit card numbers, then used them to manufacture fake credit cards and identification. From there, teams were deployed as mules on shopping expeditions to purchase such goods as high-end electronics, handbags, and jewelry--often based on the ease with which the goods could later be fenced--and then sending it back to ringleaders via Federal Express and UPS. Authorities also accused the mules of using the fake credit cards to stay in high-end private villas and luxury hotels, to rent Lamborghinis and Porsches, and in one case, even renting a private jet to make a run from New York to Florida.

As part of the investigation, last week court-authorized search warrants were executed at 15 New York City and Long Island locations, several of which served as "mills" for generating fraudulent documents, said authorities. The raids recovered about $650,000 in cash, seven handguns, a box truck--filled with electronics, jewelry, and shoes--as well as credit card skimmers, fake identification, and blank credit cards.

According to the indictments, U.S. and European consumers, retail businesses, as well as financial institutions--including American Express, American Express, MasterCard, and Visa--collectively suffered $13 million in losses as a result of the gangs' activities. But the amount of losses may continue to mount. "Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years," said Brown.

"These weren't holdups at gunpoint, but the impact on victims was the same. They were robbed," said Raymond W. Kelly, police commissioner of New York City, in a statement. "We assigned detectives to financial crimes because of the potential victimization is so great, especially as the use of credits cards and their vulnerability to identity theft have grown along with the Internet."

According to the indictments, the crime rings were run by Imran Khan, Ali Khweiss, Anthony Martin, Sanjay (aka Rocky) Deowsarran, and Amar Singh. The indictments said that they sourced their skimming equipment, including blank credit cards, primarily from China, Lebanon, Libya, and Russia. Authorities also alleged that attorney Susan Persaud assisted Khan by advising his gang on techniques for evading law enforcement operations, and that she received stolen items--including designer shoes--as payment.

The indictments also accuse Fnu Gustawian, Kah Sheng Poh, and Allen Lam (aka Benny Ahoo) of selling--fencing--the stolen goods, alleging that Gustawain tended to handle the Apple products and electronics, while Ahdoot handled jewelry, including Rolex and Breitling watches.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tronman
50%
50%
Tronman,
User Rank: Apprentice
10/11/2011 | 11:47:31 AM
re: 111 Arrested In Identity Theft Probe
Electric chair.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant