Risk
5/19/2008
03:15 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

International Cybercrime Ring Busted

Officials from the United States and Romania announced that 38 individuals in the two countries have been charged with computer and credit card fraud.

On Monday, the U.S. Department of Justice charged 38 individuals in the United States and Romania with ties to organized crime in two separate indictments involving computer and credit card fraud.

The alleged fraud includes charges of phishing -- soliciting personal information for illegal use via e-mail -- and "smishing" -- soliciting personal information for illegal use via Short Message Service (SMS) text messages.

"International organized crime poses a serious threat not only to the United States and Romania, but to all nations," Deputy Attorney General Mark R. Filip said in a statement. "Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either. Through cooperation with our international partners, we can disrupt and dismantle these enterprises, just as we have done today with these indictments and arrests."

The deputy attorney general made the announcement in Bucharest, Romania, in conjunction with Romanian Prosecutor General Laura Codruta Kövesi to call attention to increased efforts by U.S. authorities to combat international organized crime.

On April 23, U.S. Attorney General Michael B. Mukasey announced a new strategy to deal with transnational criminals that stresses increased information sharing and cooperation with foreign authorities.

Thirty-three individuals were charged in a 65-count indictment unsealed in Los Angeles on Monday. The indictment alleges that the individuals participated in an international racketeering scheme that relied on the Internet to facilitate the theft and misuse of credit card numbers.

Seven were charged in a two-count indictment for phishing in New Haven, Conn., that was filed in January. Two of those seven were also listed in the Los Angeles case.

"For the people arrested today, the indictments charge that the defendants sent out mass quantities of e-mails, known as 'spam,' to lure victims to go to fraudulent Web sites that appeared to be legitimate banking or financial businesses," said Filip in prepared remarks. "At those sites, victims were tricked into entering personal information such as financial and identity information and personal passwords -- a scheme known as 'phishing.' That information was then harvested by 'suppliers' who, in turn, sent the information to 'cashiers' via real-time Internet chat sessions."

The indictments allege that crime group "cashiers" obtained credit card numbers and related personal information that had been stolen via spamming phishing and "smishing" messages. According to Filip, these "cashiers" used hardware credit card encoding devices and software to write stolen card numbers onto the magnetic strips of credit and debit cards. "Runners" then took those newly minted cards and proceeded to make unauthorized withdrawals. A percentage of the stolen funds were then transferred back to the suppliers of the stolen credit and debit card numbers. Filip estimated the amount stolen to be several million dollars.

Some of those facing charges used hotel door access cards, with their magnetic stripes reprogrammed, to withdraw an estimated total of $20,000 from ATMs.

In an Internet chat session cited in the Los Angeles indictment, one of the defendants, Hiep Thanh Tran, is alleged to have said, "bro this are from my spam ... super fresh ... I will spam more ... [I] spammed like hell ... used 7 remote desktops and 13 smpt servers ... 5 root ... [and] sent over 1. 3 million emails."

The carding ring allegedly dealt in stolen information linked to accounts at Allegheny Federal Credit Union, American National Bank of Texas, Arizona Federal Credit Union, Banker's Bank & Trust, Bank of the West, Boeing Employees' Credit Union, Bowdoinham Federal Credit Union, Capital One Bank, Citibank, Downey Savings & Loan, Credit Union One, E-Trade, Desert Schools Federal Credit Union, Flagstar Bank, First Merit Bank, Iowa League Corporate Central Credit Union, Jeffco Schools Credit Union, Langley Federal Credit Union, Mountain America Credit Union, Orange County Teacher's Credit Union, Pointbank, NASA Federal Credit Union, North Island Credit Union, Premier Credit Union, PSCU Financial Services, Regions Bank, School Financial Credit Union, Southwest Corporate Federal Credit Union, Teacher's Credit Union, Telco Credit Union & Affiliates, Valley National Bank, Visa, Washington State Employees Credit Union, and Waterbury Teachers' Federal Credit Union.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Security's #1 Problem: Economic Incentives
Dimitri Stiliadis, CEO of Aporeto,  9/25/2017
SMBs Paid $301 Million to Ransomware Attackers
Dark Reading Staff 9/21/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.