The U.S. Justice Department just took down an online crime forum that is believed to have trafficked in stolen identities, financial data and contraband goods thought to be worth over $530M in intended losses. The group’s apparent goal over its seven-year history was $2.2B in damage. The takedown is one of the largest cybercrime cases ever prosecuted by the feds; the Justice Department filed charges against 36 people allegedly involved with the Infraud Organization (its actual name).
The Department of Justice described the organization as “an Internet-based cybercriminal enterprise engaged in the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband”.
The investigation was an international effort. Those charged with racketeering, conspiracy and other crimes in a nine-count superseding indictment by a Las Vegas, Nevada grand jury included 13 defendants from the U.S. and 23 from other countries, including Australia, Egypt, France, Italy, Serbia and the U.K. Law enforcement has arrested only 13 of the members to date, five of whom are from the U.S. and only one of whom, Sergei Medvedev, is considered to be at the top of the food chain.
“As alleged in the indictment, Infraud operated like a business to facilitate cyberfraud on a global scale”, said Acting Assistant Attorney General Cronan. He added, “The Department of Justice refuses to allow these cybercriminals to use the perceived anonymity of the Internet as a shield for their crimes. We are committed to working closely with our international counterparts to identify, investigate, and bring to justice the perpetrators of these crimes, wherever in the world they operate.”
Infraud began in 2010 as a mostly English-language fraud forum, which brought in almost 11,000 members worldwide to engage in online fraud. According to the indictment, it was started by Ukrainian hacker Svyatoslav Bondarenko, aka “Obnon”, aka “Rector”, aka “Helkern”, to make the Infraud Organization the premier site for online carding, i.e. purchasing retail items with stolen credit card information. It also offered an escrow service to help facilitate illegal digital currency transactions among its members. Bondarenko has not yet been arrested.
Infraud members had clearly defined roles within the organization’s hierarchy, ranging from “Administrators” to “Moderators” to “VIP Members”.
The Americans charged with being involved have already appeared in court, and if found guilty, could face 30 years or more in prison.
Security researcher Brian Krebs noted on his site that he wasn’t sure if “the Helkern association with Bondarenko is accurate”, and said he thinks there are clues that Rescator/Helkern could be “a different Ukrainian man named Andrey Hodirevski” whose cybercrime shop Krebs identified in 2014 as the primary vendor of cards stolen from Target.