Members of a group wanted for carrying out a phishing attack on Capital One have been arrested in Europe and the United States.

Seventeen members of the group were arrested following an FBI enquiry. Authorities said the men were involved in an international identity theft campaign, including phishing attacks on Capital One and other financial companies.

In a collaborative investigation between authorities in Poland, Romania and the U.S., four arrests took place in the U.S. and 13 people were apprehended in Poland.

The ringleader of the group – a Polish man – is suspected of hacking into third-party computers and renting out web space to other cybercriminals for them to host fake websites for phishing.

Police believe the men then sold the stolen identities plus credit card and other sensitive financial information to other criminals. The group is suspected of carrying out the campaign between August and October 2004.

When the American suspects were arrested, they were found using cards and machines used to encode data onto blank credit cards. Officers then attempted to search the premises and one man tried to flush counterfeit credit cards down the toilet, according to authorities.

As part of the investigation, further raids took place across the U.S. and search warrants served on three additional suspects in Romania.

Graham Cluley, senior technology consultant for Sophos, said authorities are making progress in the fight against the hackers.

"The authorities fighting computer crime should be applauded for working together across international boundaries to break up these criminal gangs. There have been more people arrested in the last year for cyber crime than ever before," he said. "Phishing and identity theft are global problems, and countries need to work more closely with each other to bring the bad guys to justice."

"Although the news of these arrests is good, it's only the tip of the iceberg as many other phishers are still at large," he said.