Twenty-four people, including 11 in the United States, were arrested this week for their role in an international global cyber crime ring that trafficked stolen credit card information, the FBI announced Tuesday.
In what it termed “the largest coordinated international law enforcement action in history directed at carding crimes,” authorities charged suspects in a range of crimes, from selling malware — specifically remote access trojans — that was used to infect victims’ computers, to using hacking tools to raid databases of financial information, to selling hijacked credit card numbers.
The FBI engineered the two-year-long sting by creating an underground carding forum site known as “Carder Profit,” where people bought and sold stolen information, goods and services. The site was configured to track discussion threads and IP addresses. Authorities made the site, which was taken offline last month, look legit by occasionally restricting membership to only those people who were recommended by at least two existing users.
Authorities said the sting saved $205 million in potential fraud losses, and resulted in agents notifying credit card companies of 411,00 compromised accounts, as well as other organizations whose networks apparently were breached to retrieve the data.
Among the notable arrests was Mir Islam, 18, of the Bronx. Using the alias “JoshTheGod,” Islam is the purported leader of the UGNazi hacking group, which has claimed responsibility for a number of infiltrations and DDoS attacks against corporations and government agencies. (UGNazi most recently claimed responsibility for a brief outage on Twitter, and is believed responsible for an attack on 4chan that was enabled by compromising the Gmail account of CloudFlare co-founder Matthew Prince).
Prosecutors said Islam was also the founder of Carders.org, an online carding forum similar to the sting site. Authorities picked up Islam Monday night in Manhattan when he met an undercover FBI agent — whom he believed was a fellow “carder” — to collect cloned credit cards containing stolen information. Islam was arrested when he tried to use one of the cards to withdraw cash.
The defendants, depending on their charges, face prison terms ranging from five years to more than 25 years.
Another 13 people were arrested by foreign authorities in seven countries, including the U.K., Bosnia and Bulgaria.