Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive Online ID Fraud Ring Busted

Posted by CowboyNeal on from the shakedown-breakdown dept.

Iphtashu Fitz writes "CNet News is reporting that the US Secret Service in conjunction with authorities in six foreign countries have arrested 28 people in the last 48 hours on charges of identity theft, computer fraud, credit card fraud and conspiracy. Dubbed Operation Firewall, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria. The investigation started in July 2003 when the Secret Service began investigating an unspecified financial crime. They identified the website Shadowcrew.com whose members traded tutorials and information about identity theft and forgery and exchanged sensitive personal and financial information. The Shadowcrew website has since undergone a makeover thanks to the Secret Service. A press release about the operation can also be found on their website."

19 of 353 comments (clear)

  1. We need more action on identity theft by mind21_98 · · Score: 4, Insightful

    Identity theft can destroy people, literally. Not to mention the years it could take to clean up the damage. This is excellent, and hopefully more busts will follow. :)

    --
    US businesses that currently accept chip and PIN/signature
  2. One step towards security by Dancin_Santa · · Score: 5, Insightful

    What I would really like, more than the arrest of identity thieves, is the entire identification system become more immune to this kind of theft. By simply eliminating the suspects, the actual threats posed by them have only been reduced in number, not in level of threat. All those identity insecurities still exist in the system waiting to be taken advantage of the next time some palooka decides it's worth it to skim off a few credit card numbers.

    I surely don't have the solution to fix the identity theft problem. In fact, I would leave it to my colleagues here at Slashdot who are much more knowledgable about security issues than I am to hammer out the fine details of a more secure system.

    As we become more dependent upon our identification numbers, credit card numbers, social security numbers, and every other number which identifies and tracks us, we open ourselves up to this kind of identity theft threat. The solution is not simply to lock up the perpetrators, it must be a technical solution which makes it difficult or impossible to steal an identity.

    1. Re:One step towards security by LoadWB · · Score: 3, Insightful

      Something which really irks me is how many of my accounts require that I provide my SSAN over the phone as proof of my identity. My SSAN appears on countless documents throughout my life, most of which have passed through insecure hands, and some probably misplaced or lost so others can read them. Primarily this includes my military medical documentation (as my sponsor, my father's information is more prominent on these, though my SSAN is used in documents from my early 20's,) and my college documentation.

      I deal with a number of companies which use my SSAN as the "key" to my account, some which (supposedly) supplant it with a passphrase -- though a representative of one company told me that if I couldn't remember my passphrase she would accept my SSAN! This completely goes against my reason for having a passphrase on the account in the first place! I will not go into detail about with which companies I have accounts covered by this policity, but suffice to say that just about every service I am provided suffers in this way.

      Like the parent, I cannot myself come up with a feasible system for replacement. I even had one company rep ask me what I would prefer to use, I answered "I don't care, just not my [SSAN]." Not necessarily true, since some companies ask for information which can be read directly off a stolen or misdirected envelope.

      None-the-less, the current system IS broken and IS too easy to subvert. I find that too many entities look to the end user for solutions to their problems, as illustrated by the above question posed to me. I am sorry, but it is not the customer's responsibility to provide a fix to a company's broken procedures; the company itself should invest whatever it takes to ensure its customer/client safety, regardless of the cost.

      Personally, I would opt to pay more for a service which made it more difficult to access my account information. If more companies provided a service like this, eventually it would become the norm and the price of such secure service would settle back down due to competition.

      I do feel the need to address something I provided in my introduction: college documentation. Something as simple as classroom roll sheets is a problem. In more than one class I have attended a sheet of paper was passed around the class (proof of attendance, clarification of class enrollment, or whatever) on which a student was to print his or her name, SSAN, and then sign. Need I say more? Put all of these elements together and think about our personal security. Even I wrote my SSAN on such documents until later in my college life when I thought better of this practice. Only once did my refusal cause a problem, and I ultimately won the argument in front of college administration.

    2. Re:One step towards security by Stiletto · · Score: 2, Insightful

      I've said it before.

      ID theft is only a problem because we place so much importance on our identities. One person can get a home loan. The other can't. One persan can get health insurance. The other can't.

      The simple example is insurance. Insurance rates should not depend on the individual. The whole point of insurance is to spread the risk and cost of rare catastrophic events. Each should pay an equal share. When you get a system like today which is so perfect as to analyse each person's risk and charge him accordingly, why have insurance to begin with?

  3. Did you guys read their forums by Anonymous Coward · · Score: 1, Insightful
    I started reading their cradit card number theft forums and the more I read the more angry I got. I have to agree with other posters: it's a very good thing they busted them.

    The only thing that makes me depressed is that this is just the tip of the iceberg.

  4. Defacement? by Colz+Grigor · · Score: 1, Insightful

    Does it strike anyone else as odd that the Secret Service would deface a website in this manner?

    I'm guessing that this was more of a pre-election public relations maneuver and that this was something less of an event than we would be led to believe.

    1. Re:Defacement? by jimicus · · Score: 4, Insightful

      Does it strike anyone else as odd that the Secret Service would deface a website in this manner?

      Odd? Unthinkable. Unless you had already rounded up every single important person in the group, why on Earth would you signal to them that they were under investigation? The tone and design looks more like some kid-in-a-basement-circa 2001 than US Government Office circa 2004.

      I call bullshit. More likely someone with the relevant passwords put that up when it became clear that they were under investigation.

    2. Re:Defacement? by bigtallmofo · · Score: 2, Insightful

      Oh yeah, whenever a law enforcement agency makes a bust, they always like to keep it hush-hush. That way, the person they busted can't be made an example of and discourage additional people from getting into that illegal line of work.

      I'm sure they knew exactly waht they were doing. They probably busted everyone involved in the Shadowcrew group and wanted to leave a nice message to every other group that you're probably being investigated too. It's a standard bluff, and will likely at least make other groups less brazen with what they do (hopefully limiting their harm) if not encourage them to find a more legal line of work.

      --
      I'm a big tall mofo.
  5. Slashdotted! by z1d0v · · Score: 3, Insightful

    How long will the will they take to check on all Slashdotters that clicked on the link? I think we just made their job just grew up a bit! :)

  6. copyright infringement by the secret service by bani · · Score: 4, Insightful

    now watch the RIAA prosecute the secret service under the DMCA for illegally distributing copyrighted music through a website operated by the secret service...

  7. Re:Strong encryption broken? by tristan-jt2 · · Score: 2, Insightful

    I read it like a hint that when you're trying to conceal criminal activities behind a VPN, you'd better make sure the endpoint of the VPN has not been owned by the USSS.

    The same goes for encrypted emails and the likes... There's little point in encrypting something if the recipient has had to surrender the key to a law enforcement agency.

  8. Re:Not very subtle! :) by Seventh+Magpie · · Score: 5, Insightful

    well lets think about this. 1) Take it down: 3972 members thinking "oh the site's just down temporarily" 2) Put up the cool USSS site: 3972 members scared for their lives so that they stop their illegal activities and turn themselves in to USSS. (Not to mention have a mental breakdown next time they see Mission Impossible!) Hmm..I think it's a damn good decision.

  9. Re:us secret service by marktaw.com · · Score: 4, Insightful

    I think that kind of thing is actually in your phone book.

  10. Come on, this is slashdot... by will_die · · Score: 2, Insightful

    The title of this should be Department of Homeland Security busts computer users.
    Then the 90% of the messages will consist of what is homeland security doing busting innocent computer users and how President Bush had a direct involvment.

  11. Re:Clicking on shadowcrew link = being investigate by bersl2 · · Score: 2, Insightful

    Once they see that we were all referred from the same site...

  12. Let's hope it's as big as it sounds! by waterbear · · Score: 3, Insightful

    Absolutely this is the kind of case the law enforcers need to investigate and crack down on it hard.

    I'll wait with bated breath to see if they really did get the 'Mr Big's and can nail them.

    Unfortunately, it has occasionally turned out, with big organised crime operations, that the big guys really got away, and the criminal evidence against the others had crucial flaws, so that in the end, after years of delays and millions of taxpayers money in investigation costs and lawyers fees, even the smaller guys got off too.

    I really hope this isn't going to be another one of those. For the time being, we can hope that the cybercops have earned their credit here.

    -wb-

  13. Re:`Dubbed Operation Firewall[...]' by DNS-and-BIND · · Score: 2, Insightful

    Operations get named by pointy-headed bosses. I'm sure the Secret Service, being a governmental organization, has twice the number of PHBs as any corporation.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  14. Re:Not very subtle! :) by Angafirith · · Score: 2, Insightful

    It's probably cheaper for them to deter people from these actions than it is for them to arrest them.

    There's a house around here that was originally used by a group of drug dealers and prostitutes that was located in a bad neighborhood. The police raided it and turned it into a police substation.

    --
    "It is better to risk sparing a guilty person than to condemn an innocent one." - Voltaire
  15. Re:Yes, but... by Viceice · · Score: 2, Insightful

    I hope they do. Then the USSS will get pissed at em and raid them under Organised Crime charges. If the RIAA isn't an extortion racket, i don't know what is.

    --
    Sometimes I wish I was a plumber, then I'd know how to deal with other people's shit.