At least 24 people were arrested in the US and abroad in a US-led sting operation targeting cybercriminals buying and selling stolen credit card information, officials said on Tuesday.
US federal attorney for the Southern District of New York Preet Bharara said the probe uncovered “a breathtaking spectrum of cyberschemes and scams” spread across the US, Canada and 11 other countries in Europe and Asia.
“Operation Card Shop” targeted “sophisticated, highly organized cybercriminals” involved in selling stolen identities and credit cards, along with fake documents and sophisticated hacking tools, the FBI’s New York Division Assistant Director Janice Fedarcyk said.
The officials said the two-year operation began in June 2010, when the FBI established an undercover “carding forum,” aimed at mimicking Web sites operated by criminals to buy and sell information such as account numbers.
The FBI site, called “Carder Profit,” was configured to allow US agents to track those using the site through their IP addresses.
Because the FBI was able to warn those affected by compromised accounts, the operation “prevented estimated potential economic losses of more than US$205 million,” a statement by prosecutors said.
Eleven people, including two minors, were arrested in the US and 13 others arrested overseas, in seven different countries, the prosecutors’ statement added.
Six people were arrested in Britain, two in Bosnia, and one each in Bulgaria, Norway and Germany.
Two others were arrested on Tuesday in Italy and Japan, based on provisional warrants obtained by the US in connection with charges unsealed in New York.
Bharara said those accused in the scheme “sold credit cards by the thousands and took the private information of untold numbers of people.”
“As the cyberthreat grows more international, the response must be increasingly global and forceful,” Bharara said.
In a separate development, a security report on Tuesday said a wave of cyberattacks has likely stolen at least US$80 million from bank accounts in Europe.
The report by Guardian Analytics and McAfee said “Operation High Roller” was led by criminals attacking cloud-based servers in a global fraud campaign.