Investigators take down mass phishing ring

Share this article:
Thirty-eight people, including a host of U.S. residents and foreign nationals, were indicted on Monday in connection to two international phishing operations that preyed on unsuspecting bank customers.

The individuals were charged with masterminding a sophisticated Romanian-based scam that delivered hundreds of thousands of bogus emails, usually claiming to be from banks or other financial institutions, that sought to obtain users' personal information, the U.S. Department of Justice announced on Monday.

The cybercrooks used this data, including bank account and Social Security numbers, to create counterfeit credit and debit cards.

A Los Angeles federal grand jury on Monday returned a 65-count indictment, which charged 33 people with defrauding thousands of victims and hundreds of financial institutions, prosecutors said.

Seven others were indicted last week in Connecticut in connection to a related phishing scam that sent emails claiming to be from People' Bank, prosecutors announced Monday.

Two people were involved in both rings.

U.S. authorities, in conjunction with Romanian investigators, arrested nine people living in the Los Angeles area and many others living in Romania. The individuals were charged with a slew of offenses, including racketeering, trafficking counterfeit access devices, aggravated identity theft and bank fraud.

"International organized crime poses a serious threat not only to the United States and Romania, but to all nations," Deputy U.S. Attorney General Mark Flip said. "Criminals who exploit the power and convenience of the internet do not recognize national borders. Therefore, our efforts to prevent these attacks can't end at our borders either."

Sven Krasser, director of data mining research at enterprise security firm Secure Computing, told SCMagazineUS.com on Monday that the offenders likely leveraged botnets and proxy computers to shield themselves from law enforcement during the attacks but blew their cover when they tried to steal the money.

"It's not a common thing to actually get caught," he said. "They're quite into globalization."

Krasser said tracking down cybercriminals across borders is a difficult task because it requires cooperation, gathering evidence in multiple countries and accessing information not under a specific law enforcement body's authority.

"Partnerships and cooperation among all levels of law enforcement - both domestic and foreign - are the keys to tackling criminal activity that increasingly knows no borders," said U.S. Attorney Thomas O'Brien of the Central District of California.

Each charge ranges in penalty from five to 30 years in prison.
Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.