Attacks/Breaches
10/10/2011
12:21 PM
Connect Directly
RSS
E-Mail
50%
50%

111 Arrested In Identity Theft Probe

One of the biggest identity theft and credit card fraud cases in history has generated millions of dollars in losses to date, prosecutors said.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Authorities on Friday announced the arrest of 111 people in what they're calling the biggest identity theft bust in U.S. history.

"This is by far the largest--and certainly among the most sophisticated--identity theft/credit card fraud cases that law enforcement has come across," said Richard A. Brown, the district attorney of Queens, N.Y., in a statement announcing the arrests.

"Many of the defendants ... are accused of going on nationwide shopping sprees, staying at five-star hotels, renting luxury automobiles and private jets, and purchasing tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry with forged credit cards that contained the account information of unsuspecting consumers," said Brown.

[The smart money treats data breaches as a 'when' not an 'if,' proposition Is your data breach response ready for primetime?]

Authorities said that the investigation--dubbed "Operation Swiper"--began in 2009, and grew to involve not just physical surveillance, but also "court-authorized electronic eavesdropping on dozens of different telephones in which thousands of conversations were intercepted--many of which required translation from Russian, Mandarin, and Arabic to English."

Prosecutors said the arrests involved five different identity theft and credit-card-forgery rings, operating for a year and a half out of Queens County, in New York City, but with ties to Europe, Asia, Africa, and the Middle East. So far, more than 90 of the defendants have been charged with corruption under New York's Organized Crime Control Act. Other charges included identity theft and robbery. Notably, five people were charged with stealing cargo worth $95,000 from Kennedy Airport, and seven were accused of stealing computer equipment worth at least $850,000 from the Citigroup Building in Long Island City.

According to the indictments, the criminal rings fraudulently obtained credit card numbers, then used them to manufacture fake credit cards and identification. From there, teams were deployed as mules on shopping expeditions to purchase such goods as high-end electronics, handbags, and jewelry--often based on the ease with which the goods could later be fenced--and then sending it back to ringleaders via Federal Express and UPS. Authorities also accused the mules of using the fake credit cards to stay in high-end private villas and luxury hotels, to rent Lamborghinis and Porsches, and in one case, even renting a private jet to make a run from New York to Florida.

As part of the investigation, last week court-authorized search warrants were executed at 15 New York City and Long Island locations, several of which served as "mills" for generating fraudulent documents, said authorities. The raids recovered about $650,000 in cash, seven handguns, a box truck--filled with electronics, jewelry, and shoes--as well as credit card skimmers, fake identification, and blank credit cards.

According to the indictments, U.S. and European consumers, retail businesses, as well as financial institutions--including American Express, American Express, MasterCard, and Visa--collectively suffered $13 million in losses as a result of the gangs' activities. But the amount of losses may continue to mount. "Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years," said Brown.

"These weren't holdups at gunpoint, but the impact on victims was the same. They were robbed," said Raymond W. Kelly, police commissioner of New York City, in a statement. "We assigned detectives to financial crimes because of the potential victimization is so great, especially as the use of credits cards and their vulnerability to identity theft have grown along with the Internet."

According to the indictments, the crime rings were run by Imran Khan, Ali Khweiss, Anthony Martin, Sanjay (aka Rocky) Deowsarran, and Amar Singh. The indictments said that they sourced their skimming equipment, including blank credit cards, primarily from China, Lebanon, Libya, and Russia. Authorities also alleged that attorney Susan Persaud assisted Khan by advising his gang on techniques for evading law enforcement operations, and that she received stolen items--including designer shoes--as payment.

The indictments also accuse Fnu Gustawian, Kah Sheng Poh, and Allen Lam (aka Benny Ahoo) of selling--fencing--the stolen goods, alleging that Gustawain tended to handle the Apple products and electronics, while Ahdoot handled jewelry, including Rolex and Breitling watches.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tronman
50%
50%
Tronman,
User Rank: Apprentice
10/11/2011 | 11:47:31 AM
re: 111 Arrested In Identity Theft Probe
Electric chair.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-4514
Published: 2014-10-21
Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.