Feds Dismantle Ukrainian's $530 Million Carding Empire

In2an3_PpG

Nov 15, 2016
'In Fraud We Trust' Was International 'Infraud Organization' Slogan

Source: Department of Justice

The U.S. Department of Justice on Wednesday announced one of its biggest-ever cybercrime disruptions after it shuttered Infraud Organization, an online forum that prosecutors say sported more than 10,000 members dedicated to the pursuit of fraud.

A nine-count superseding indictment by a federal grand jury in Las Vegas, unsealed on Wednesday, charges 36 individuals with a range of offenses, including racketeering conspiracy. It ties them to $530 million in confirmed losses due to fraud and says they intended to steal more than $2.2 billion.

Operating under the slogan "In Fraud We Trust," as of March 2017, Infraud sent members and potential customers to members' automated vending sites, which sold everything from point-of-sale malware and banking Trojans to stolen payment card details and counterfeit identification, the Justice Department says in a news release.

As a result of an international investigation into Infraud's activities codenamed Operation Shadow Web, five suspects have been arrested in the United States. Eight other suspects have been arrested in Australia, France, Italy, Kosovo, Serbia and the United Kingdom; all face extradition to the United States. The other 23 suspects remain at large.

"Today's indictment and arrests mark one of the largest cyber fraud enterprise prosecutions ever undertaken by the Department of Justice," John P. Cronan, the acting assistant attorney general of the Justice Department's criminal division, says in a Wednesday news release.

Global Operation
Infraud had 10,901 registered members as of March 2017, officials say.

"As alleged in the indictment, Infraud operated like a business to facilitate cyber fraud on a global scale," Cronan says. "Its members allegedly caused more than $530 million in actual losses to consumers, businesses, and financial institutions alike - and it is alleged that the losses they intended to cause amounted to more than $2.2 billion."

The indictment charges 36 individuals by name, except for seven named only as "John Doe," although identified by aliases such as "Aimless88," "Best4Best," "Carlitos," and "Goldenshop." Some of the defendants have also been charged with possessing 15 or more counterfeit and unauthorized access devices.

Excerpt from the indictment. (Source: Department of Justice)

The indicted U.S. suspects are based in Alabama, New York and California.

Beyond the aforementioned seven countries in which suspects were arrested, other countries in which alleged Infraud operators are based include Bangladesh, Canada, Egypt, Italy, Ivory Coast, Kosovo, Macedonia, Moldova, Pakistan and Russia.

Infraud was launched in 2010 by now 34-year-old Ukrainian national Svyatoslav Bondarenko - aka "Obnon," "Rector," "Helkern" - who acted as administrator of the site, although he appeared to stop using the site in 2015, according to the indictment. He remains at large.

Sergey Medvedev helped co-found Infraud and also acted as a site administrator as well as provider of digital currency escrow - currency exchanging - services "for the benefit of Infraud Organization members engaging in transactions with other members, to ensure the integrity of those transactions," according to the indictment. In addition, "after Bondarenko went missing in 2015, Medvedev took his place as owner and administrator of the Infraud Organization."

Medvedev has been arrested.

Infraud Organizational Chart
Source: Department of Justice

A to Z of Carding
The indictment includes a literal A to Z of card fraud forums, defining such terms as:

  • Automated vending sites: "Automated websites that do not require human intervention to function and that are used by Infraud members to purchase and sell illicit goods."
  • Bulletproof hosting: Web hosting services that take a lenient approach to the type of information that customers can distribute using the firm's servers. "Such material may include spam, compromised credit card data, high-yield investment product (Ponzi) schemes, online gambling and malware distribution infrastructure." (See Hacker Havens: The Rise of Bulletproof Hosting Environments).
  • Carding: The concept of purchasing goods with stolen payment card data or using counterfeit payment cards encoded with stolen credit card data. Such fraud may be enabled with the help of fraudulent identification documents.
  • Dumps: Batches of compromised debit and credit card account data.
  • Fulls: Compromised payment card data that typically contains all of a cardholder's information - except for information encoded on the magnetic track on the rear of the card - including the accountholder's name, birthdate, Social Security number, address, telephone, mother's maiden name and security code on the rear of the payment card.
  • Malware: Malicious software for compromising PCs, mobile devices and point-of-sale terminals. "Although functionality varies, malware is often used to harvest personally identifying information and financial data, to gather intelligence for later use in a fraud scheme, or to electronically and unlawfully monitor victims." (See Cybercrime as a Service: Tools + Knowledge = Profit).
  • Ripper: "A vendor of illicit goods of poor quality, or one who did not deliver the goods promised in a transaction." According to the indictment, "Infraud leadership routinely policed the forum for rippers, disciplining them to protect the general membership."

For Sale: POS Malware, Holograms and More
The indictment ties some of the 36 suspects to the above services.

The Infraud organization online site now resolves to this takedown notice. (Source: Department of Justice)

Alabama-based Frederick Thomas, 37, aka "Mosto," "1stunna," and "Bestssn," is charged with joining Infraud in 2011 and serving as the "vendor of a Social Security number and date of birth lookup service."

One alleged member, 25-year-old Besart Hoxha - aka "Pizza" - of Kosovo has been accused of joining Infraud the same year and advertising himself as a vendor of "High Quality Plastics & Holos VISA, MasterCard, Amex, Discover" who "sells plastic card stock and holograms to Infraud Organization members and associates."

Another suspect, 28-year-old Valerian Chiochiu - aka "Onassis," "Flagler," "Socrate" and "Eclessiastes" - of Moldova joined the organization in 2012 and "provides guidance to other members on the development, deployment, and use of random access memory ('RAM') point-of-sale ('POS') malware as a means of harvesting stolen data," according to the indictment.
 