U.S. charges 24 people in massive hacking sting

NEW YORK Tue Jun 26, 2012 8:02pm EDT

1 of 2. Mir Islam exits the Manhattan Federal Court in New York June 26, 2012.

Credit: Reuters/Eduardo Munoz

Related Topics

NEW YORK (Reuters) - U.S. law enforcement officials on Tuesday said 24 suspected hackers had been arrested in a sting operation spanning four continents that targeted online financial fraud of stolen credit card and bank information.

In a two-year investigation, FBI agents posed as hackers on Internet forums, watching as other hackers swapped methods for breaching data security walls and creating fake credit cards that would work for Internet and in-person purchases.

The probe prevented $205 million in possible losses on over 411,000 compromised consumer credit and debit cards, U.S. authorities in New York said.

Eleven people were arrested in the United States, the Federal Bureau of Investigation and the Manhattan U.S. Attorney's office said. The thirteen others were arrested in countries from Britain to Japan, the authorities said. Officials in Australia also conducted searches.

"Clever computer criminals operating behind the supposed veil of the Internet are still subject to the long arm of the law," Manhattan U.S. Attorney Preet Bharara said.

During the operation, the FBI said, it not only monitored the hackers' activities but also contacted "multiple" people and institutions hit by the hackers and showed them how to repair their security breaches and protect themselves in the future.

No credit card companies or banks were named in Tuesday's court documents.

The 24 people arrested were all men aged 18 to 25. Some face up to 40 years or more in prison if convicted on conspiracy to commit wire fraud charges and access device fraud charges.

The FBI operation centered around a "carding forum" that it had secretly created in June 2010, and was in charge of running unbeknownst to its participants, authorities said.

The forum, called "Carder Profit," was essentially an online market for registered users to exchange stolen account numbers. It was shut down in May.

Two people were arrested in the New York area and were later released on bail after appearing in Manhattan federal court.

One of the men, Mir Islam, known online as "JoshTheGod," was charged with trafficking in 50,000 stolen credit card numbers. Authorities said Islam had admitted to helping emerging hacker outfit UgNazi, which said it had launched a cyber attack against the microblogging platform Twitter last week.

Islam, 18, who lives in the New York borough of the Bronx, appeared before U.S. Magistrate Judge James Francis in flip-flop sandals and jeans. His parents, who are from Pakistan, watched the proceeding from a back bench. Islam was released on a $50,000 bond.

Fellow Bronx resident Joshua Hicks, 19, also known as "OxideDox," was charged with one count of access device fraud. Wearing red basketball shorts, Hicks was released on a $20,000 bond after a brief hearing before the same judge.

Meanwhile on Tuesday, the U.S. Federal Trade Commission filed a complaint against Wyndham Worldwide Corp and three subsidiaries, alleging that the hotel operator failed to keep customer data secure.

That failure resulted in the theft of hundreds of thousands of consumers payment card numbers, which were sent to an Internet address registered in Russia and $10.6 million in fraudulent charges, according to the complaint.

The cases are U.S. v Joshua Hicks and U.S. v. Mir Islam, U.S. District Court for the Southern District of New York, Nos 12-1639 and 12-1701

(Reporting By Basil Katz; Editing by Carol Bishopric, Gary Hill)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (1)
DiogoCampos wrote:
Hello Reuters.

Let it be known that these people committed many more crimes against several other people around the globe, not just credit card fraud, they’ve slandered, they’ve humilliated, they’ve mocked, they’ve scammed, they’ve made denial of service attacks, they’ve stolen private information, they used RAT’s, botters, keyloggers, viruses, shells, they did everything that’s possible in the hacking world against innocent people just because they were restricted from several gaming websites due to their obnoxious and unnaceptable behaviour. They’ve made people innocent people live in fear of even being on the internet. They’ve made friends of mine just quit the internet cold turkey because of their actions. And all of this in the name of their own personal vendettas and for “fun”, this is their concept of “fun”…making other people’s lives miserable. Sad, but true, very few people of this new ‘internet generation’ have values and integrity.

Let it be known that I am proud to have provided information to the FBI regarding this matter through their IC3 criminal complaint center against these indviduals and their group. After watching my friends suffering I decided to make my own investigation, I’ve gathered all the possible information and sent everything I could find to the FBI.

Let is be known that no hacker is free to commit illegal activities without being investigated, arrested, and legally prossecuted to the full extent of the Law.

Let is be known that justice is still alive, today we will praise justice, today we will yell VICTORY!

Congratulations to the USA’s Federal Bureau of Investigation, I’m truly amazed on how this sting operation worked out, what a remarkable work, they were smart, but the FBI outsmarted them, it’s brilliant!

Thank you very much, honestly,
Dr.Diogo Campos.

Jun 27, 2012 8:16am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.