Computer Crime Research Center


nternational Cybercrime Ring Busted

Date: May 20, 2008
By: Thomas Claburn

On Monday, the U.S. Department of Justice charged 38 individuals in the United States and Romania with ties to organized crime in two separate indictments involving computer and credit card fraud.

The alleged fraud includes charges of phishing -- soliciting personal information for illegal use via e-mail -- and "smishing" -- soliciting personal information for illegal use via Short Message Service (SMS) text messages.

"International organized crime poses a serious threat not only to the United States and Romania, but to all nations," Deputy Attorney General Mark R. Filip said in a statement. "Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either. Through cooperation with our international partners, we can disrupt and dismantle these enterprises, just as we have done today with these indictments and arrests."

The deputy attorney general made the announcement in Bucharest, Romania, in conjunction with Romanian Prosecutor General Laura Codruta Kövesi to call attention to increased efforts by U.S. authorities to combat international organized crime.

On April 23, U.S. Attorney General Michael B. Mukasey announced a new strategy to deal with transnational criminals that stresses increased information sharing and cooperation with foreign authorities.

Thirty-three individuals were charged in a 65-count indictment unsealed in Los Angeles on Monday. The indictment alleges that the individuals participated in an international racketeering scheme that relied on the Internet to facilitate the theft and misuse of credit card numbers.

Seven were charged in a two-count indictment for phishing in New Haven, Conn., that was filed in January. Two of those seven were also listed in the Los Angeles case.

"For the people arrested today, the indictments charge that the defendants sent out mass quantities of e-mails, known as 'spam,' to lure victims to go to fraudulent Web sites that appeared to be legitimate banking or financial businesses," said Filip in prepared remarks. "At those sites, victims were tricked into entering personal information such as financial and identity information and personal passwords -- a scheme known as 'phishing.' That information was then harvested by 'suppliers' who, in turn, sent the information to 'cashiers' via real-time Internet chat sessions."

The indictments allege that crime group "cashiers" obtained credit card numbers and related personal information that had been stolen via spamming phishing and "smishing" messages. According to Filip, these "cashiers" used hardware credit card encoding devices and software to write stolen card numbers onto the magnetic strips of credit and debit cards. "Runners" then took those newly minted cards and proceeded to make unauthorized withdrawals. A percentage of the stolen funds were then transferred back to the suppliers of the stolen credit and debit card numbers. Filip estimated the amount stolen to be several million dollars.

Some of those facing charges used hotel door access cards, with their magnetic stripes reprogrammed, to withdraw an estimated total of $20,000 from ATMs.

In an Internet chat session cited in the Los Angeles indictment, one of the defendants, Hiep Thanh Tran, is alleged to have said, "bro this are from my spam ... super fresh ... I will spam more ... [I] spammed like hell ... used 7 remote desktops and 13 smpt servers ... 5 root ... [and] sent over 1. 3 million emails."

The carding ring allegedly dealt in stolen information linked to accounts at Allegheny Federal Credit Union, American National Bank of Texas, Arizona Federal Credit Union, Banker's Bank &Trust, Bank of the West, Boeing Employees' Credit Union, Bowdoinham Federal Credit Union, Capital One Bank, Citibank, Downey Savings &Loan, Credit Union One, E-Trade, Desert Schools Federal Credit Union, Flagstar Bank, First Merit Bank, Iowa League Corporate Central Credit Union, Jeffco Schools Credit Union, Langley Federal Credit Union, Mountain America Credit Union, Orange County Teacher's Credit Union, Pointbank, NASA Federal Credit Union, North Island Credit Union, Premier Credit Union, PSCU Financial Services, Regions Bank, School Financial Credit Union, Southwest Corporate Federal Credit Union, Teacher's Credit Union, Telco Credit Union &Affiliates, Valley National Bank, Visa, Washington State Employees Credit Union, and Waterbury Teachers' Federal Credit Union.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo