US And UK government authorities have seized 36 domain names as a result of Operation Wreaking hAVoC in a day of action Wednesday to target online criminals engaged in financial fraud.
The sites, identified by the Serious Organised Crime Agency (SOCA), FBI and Justice Department and other international law enforcement, as specialising in selling stolen payment card and online bank account details, used e-commerce type platforms known as Automated Vending Carts (AVC’s) allowing criminals to sell large quantities of stolen data quickly and easily. Visitors trying to access these sites are now directed to a screen indicating that the domain has been seized by law enforcement.
“This operation is an excellent example of the level of international cooperation being focused on tackling online fraud,” said Lee Miles, Head of Cyber Operations for SOCA. “Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime.”
SOCA note they have been tracking the development of AVCs and monitoring their use by cyber criminals, who support payment card and online banking fraud on a global scale. Working with the FBI, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police, and the Romanian National Police, SOCA has recovered over 2.5 million items of compromised personal and financial information over the past 2 years.
The websites we are targeting today were commercial outlets for stolen credit card information,” said US Assistant Attorney General Breuer. “By making this information available on the Internet, these websites facilitated fraud on credit card holders around the world. The actions announced today are the result of extraordinary coordination with our international law enforcement partners, and reflect our commitment to use every tool at our disposal to shut down fraudulent, criminal enterprises.”
An AVC is a website that functions as an open-ended invitation to any visitor to purchase stolen credit card numbers, the Justice Department explained. AVCs allow a user to buy stolen credit card data over the Web, even using an online “shopping cart,” just like a traditional online retailer. Some AVC sites allow a buyer to select which type of credit card number to purchase, the account’s country of origin, and, in some cases, the state in which the account holder lives. AVCs allow sellers to traffic stolen credit card data without communicating directly with buyers.
“Countless lives are thrown into financial turmoil because of these websites,” said U.S. Attorney MacBride. “With a few simple clicks, thousands of stolen credit card numbers can be bought or sold to fraudsters anywhere in the world. Today’s seizures are part of an ongoing campaign to disrupt this online market regardless of where it operates.”
“By seizing the websites the criminal underground uses to blatantly sell stolen personal information, Operation Wreaking hAVoC shows that we are committed to protecting individuals online and preventing criminals from using the Internet to line their pockets,” said FBI Acting Executive Assistant Director Perkins. “The FBI and our partners around the world are committed to disabling these criminal networks. No single law enforcement agency can fight cyber crime on its own, and the FBI is proud to be a part of such an outstanding effort by all of the participating agencies.”
In the US the operation was led by the FBI’s Washington Field Office, the Computer Crime and Intellectual Property and Asset Forfeiture and Money Laundering Sections of the Justice Department’s Criminal Division and the U.S. Attorney’s Office for the Eastern District of Virginia. The FBI’s Pittsburgh Field Office and the U.S. Attorney’s Office for the Western District of Pennsylvania also assisted in the investigation.
The international operation was led by the United Kingdom’s SOCA. The Australian Federal Police (AFP); German Bundeskriminalamt (BKA); United Kingdom’s Dedicated Cheque and Plastic Crime Unit (DCPCU); Macedonian Ministry of Interior Cyber Crime Unit (MOI); Ukraine Ministry of Internal Affairs; Romanian Ministry of Interior; and the Dutch High-Tech Crimes Unit (KLPD) provided assistance. Activities conducted by these international law enforcement agencies included arrests of AVC operators and purchasers, additional domain seizures and data seizures.