12:21 PM

111 Arrested In Identity Theft Probe

One of the biggest identity theft and credit card fraud cases in history has generated millions of dollars in losses to date, prosecutors said.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Authorities on Friday announced the arrest of 111 people in what they're calling the biggest identity theft bust in U.S. history.

"This is by far the largest--and certainly among the most sophisticated--identity theft/credit card fraud cases that law enforcement has come across," said Richard A. Brown, the district attorney of Queens, N.Y., in a statement announcing the arrests.

"Many of the defendants ... are accused of going on nationwide shopping sprees, staying at five-star hotels, renting luxury automobiles and private jets, and purchasing tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry with forged credit cards that contained the account information of unsuspecting consumers," said Brown.

[The smart money treats data breaches as a 'when' not an 'if,' proposition Is your data breach response ready for primetime?]

Authorities said that the investigation--dubbed "Operation Swiper"--began in 2009, and grew to involve not just physical surveillance, but also "court-authorized electronic eavesdropping on dozens of different telephones in which thousands of conversations were intercepted--many of which required translation from Russian, Mandarin, and Arabic to English."

Prosecutors said the arrests involved five different identity theft and credit-card-forgery rings, operating for a year and a half out of Queens County, in New York City, but with ties to Europe, Asia, Africa, and the Middle East. So far, more than 90 of the defendants have been charged with corruption under New York's Organized Crime Control Act. Other charges included identity theft and robbery. Notably, five people were charged with stealing cargo worth $95,000 from Kennedy Airport, and seven were accused of stealing computer equipment worth at least $850,000 from the Citigroup Building in Long Island City.

According to the indictments, the criminal rings fraudulently obtained credit card numbers, then used them to manufacture fake credit cards and identification. From there, teams were deployed as mules on shopping expeditions to purchase such goods as high-end electronics, handbags, and jewelry--often based on the ease with which the goods could later be fenced--and then sending it back to ringleaders via Federal Express and UPS. Authorities also accused the mules of using the fake credit cards to stay in high-end private villas and luxury hotels, to rent Lamborghinis and Porsches, and in one case, even renting a private jet to make a run from New York to Florida.

As part of the investigation, last week court-authorized search warrants were executed at 15 New York City and Long Island locations, several of which served as "mills" for generating fraudulent documents, said authorities. The raids recovered about $650,000 in cash, seven handguns, a box truck--filled with electronics, jewelry, and shoes--as well as credit card skimmers, fake identification, and blank credit cards.

According to the indictments, U.S. and European consumers, retail businesses, as well as financial institutions--including American Express, American Express, MasterCard, and Visa--collectively suffered $13 million in losses as a result of the gangs' activities. But the amount of losses may continue to mount. "Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years," said Brown.

"These weren't holdups at gunpoint, but the impact on victims was the same. They were robbed," said Raymond W. Kelly, police commissioner of New York City, in a statement. "We assigned detectives to financial crimes because of the potential victimization is so great, especially as the use of credits cards and their vulnerability to identity theft have grown along with the Internet."

According to the indictments, the crime rings were run by Imran Khan, Ali Khweiss, Anthony Martin, Sanjay (aka Rocky) Deowsarran, and Amar Singh. The indictments said that they sourced their skimming equipment, including blank credit cards, primarily from China, Lebanon, Libya, and Russia. Authorities also alleged that attorney Susan Persaud assisted Khan by advising his gang on techniques for evading law enforcement operations, and that she received stolen items--including designer shoes--as payment.

The indictments also accuse Fnu Gustawian, Kah Sheng Poh, and Allen Lam (aka Benny Ahoo) of selling--fencing--the stolen goods, alleging that Gustawain tended to handle the Apple products and electronics, while Ahdoot handled jewelry, including Rolex and Breitling watches.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/11/2011 | 11:47:31 AM
re: 111 Arrested In Identity Theft Probe
Electric chair.
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio