US authorities have pressed charges against no fewer than 36 people from 17 countries for their alleged involvement in maintaining an international cybercrime behemoth enterprise that is believed to have caused losses of $530 million to both private individuals and businesses over a period of seven years.
Thirteen of those charged have been apprehended, including five in the United States and the rest in Australia, the United Kingdom, France, Italy, Kosovo and Serbia, according to a statement by the US Department of Justice. The US government is reportedly seeking the extradition of those from outside the country.
The investigators believe that the sprawling network, known as the ‘Infraud Organization’, is guilty of various flavors of nefarious business, including “the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband”.
Among the three dozen charged, most of which are in their 20s and 30s, is the network’s alleged creator – Svyatoslav Bondarenko from Ukraine. He remains at large, while a purported co-founder and administrator, Sergey Medvedev of Russia, is among those arrested. Medvedev is believed to have also operated an escrow service for the organization’s members, facilitating illegal digital currency transactions among them.
Opening shop in October 2010, the enterprise operated as an online discussion board under the tagline “In Fraud We Trust”. “Members of the Infraud Organization used the forum to coordinate and conduct online criminal activities that included identity theft, bank fraud, wire fraud and computer crimes,” Deputy Assistant Attorney General David Rybicki is quoted as saying.
According to US authorities, the enterprise aimed at becoming the premier destination for the buying and selling of stolen payment card data and forged identification documents. It is believed that the losses that the Infraud Organization had intended to cause were north of $2.2 billion.
The organization “directed traffic and potential purchasers to the automated vending sites of its members, which served as online conduits to traffic in stolen means of identification, stolen financial and banking information, malware, and other illicit goods”, said the Department of Justice.
“Today’s indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice … The Department of Justice refuses to allow these cybercriminals to use the perceived anonymity of the Internet as a shield for their crimes. We are committed to working closely with our international counterparts to identify, investigate, and bring to justice the perpetrators of these crimes, wherever in the world they operate,” said Acting Assistant Attorney General John Cronan.
The illicit proceeds are believed to have been laundered via digital currencies, including Bitcoin and the defunct service Liberty Reserve, whose founder, Arthur Budovsky, is currently serving a sentence for money laundering.
The ring’s pecking order is said to have included a number of clear-cut roles, specifically administrators, “super moderators”, moderators, vendors, VIP members, and regular members. The network had nearly 11,000 rank-and-file members as of March 2017.
The latest crackdown, called the “Operation Shadow Web”, brings back memories of similar busts. The 2013 takedown of the dark web-based drug marketplace Silk Road and its mastermind, Ross Ulbricht aka ‘Dread Pirate Roberts’, has since become somewhat of the stuff of legend. Its successor, Silk Road 2.0, met a similar fate a little over a year later. In June 2017, another sting operation took down AlphaBay and Hansa, two of the largest dark markets at the time.
Senior US officials, including former FBI head James Comey and Attorney General Jeff Sessions have said before that not even flocking to anonymizing services such as Tor can help cybercriminals escape detection.
Speaking after the latest crackdown, Acting Executive Associate Director Derek N. Benner of US Immigration and Customs Enforcement’s Homeland Security Investigations echoed their views, noting that “cyberspace is not a refuge from justice”.
Author Tomáš Foltýn, ESET