Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive Online ID Fraud Ring Busted

Posted by CowboyNeal on from the shakedown-breakdown dept.

Iphtashu Fitz writes "CNet News is reporting that the US Secret Service in conjunction with authorities in six foreign countries have arrested 28 people in the last 48 hours on charges of identity theft, computer fraud, credit card fraud and conspiracy. Dubbed Operation Firewall, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria. The investigation started in July 2003 when the Secret Service began investigating an unspecified financial crime. They identified the website Shadowcrew.com whose members traded tutorials and information about identity theft and forgery and exchanged sensitive personal and financial information. The Shadowcrew website has since undergone a makeover thanks to the Secret Service. A press release about the operation can also be found on their website."

9 of 353 comments (clear)

  1. We need more action on identity theft by mind21_98 · · Score: 4, Insightful

    Identity theft can destroy people, literally. Not to mention the years it could take to clean up the damage. This is excellent, and hopefully more busts will follow. :)

    --
    US businesses that currently accept chip and PIN/signature
  2. One step towards security by Dancin_Santa · · Score: 5, Insightful

    What I would really like, more than the arrest of identity thieves, is the entire identification system become more immune to this kind of theft. By simply eliminating the suspects, the actual threats posed by them have only been reduced in number, not in level of threat. All those identity insecurities still exist in the system waiting to be taken advantage of the next time some palooka decides it's worth it to skim off a few credit card numbers.

    I surely don't have the solution to fix the identity theft problem. In fact, I would leave it to my colleagues here at Slashdot who are much more knowledgable about security issues than I am to hammer out the fine details of a more secure system.

    As we become more dependent upon our identification numbers, credit card numbers, social security numbers, and every other number which identifies and tracks us, we open ourselves up to this kind of identity theft threat. The solution is not simply to lock up the perpetrators, it must be a technical solution which makes it difficult or impossible to steal an identity.

    1. Re:One step towards security by LoadWB · · Score: 3, Insightful

      Something which really irks me is how many of my accounts require that I provide my SSAN over the phone as proof of my identity. My SSAN appears on countless documents throughout my life, most of which have passed through insecure hands, and some probably misplaced or lost so others can read them. Primarily this includes my military medical documentation (as my sponsor, my father's information is more prominent on these, though my SSAN is used in documents from my early 20's,) and my college documentation.

      I deal with a number of companies which use my SSAN as the "key" to my account, some which (supposedly) supplant it with a passphrase -- though a representative of one company told me that if I couldn't remember my passphrase she would accept my SSAN! This completely goes against my reason for having a passphrase on the account in the first place! I will not go into detail about with which companies I have accounts covered by this policity, but suffice to say that just about every service I am provided suffers in this way.

      Like the parent, I cannot myself come up with a feasible system for replacement. I even had one company rep ask me what I would prefer to use, I answered "I don't care, just not my [SSAN]." Not necessarily true, since some companies ask for information which can be read directly off a stolen or misdirected envelope.

      None-the-less, the current system IS broken and IS too easy to subvert. I find that too many entities look to the end user for solutions to their problems, as illustrated by the above question posed to me. I am sorry, but it is not the customer's responsibility to provide a fix to a company's broken procedures; the company itself should invest whatever it takes to ensure its customer/client safety, regardless of the cost.

      Personally, I would opt to pay more for a service which made it more difficult to access my account information. If more companies provided a service like this, eventually it would become the norm and the price of such secure service would settle back down due to competition.

      I do feel the need to address something I provided in my introduction: college documentation. Something as simple as classroom roll sheets is a problem. In more than one class I have attended a sheet of paper was passed around the class (proof of attendance, clarification of class enrollment, or whatever) on which a student was to print his or her name, SSAN, and then sign. Need I say more? Put all of these elements together and think about our personal security. Even I wrote my SSAN on such documents until later in my college life when I thought better of this practice. Only once did my refusal cause a problem, and I ultimately won the argument in front of college administration.

  3. Slashdotted! by z1d0v · · Score: 3, Insightful

    How long will the will they take to check on all Slashdotters that clicked on the link? I think we just made their job just grew up a bit! :)

  4. copyright infringement by the secret service by bani · · Score: 4, Insightful

    now watch the RIAA prosecute the secret service under the DMCA for illegally distributing copyrighted music through a website operated by the secret service...

  5. Re:Defacement? by jimicus · · Score: 4, Insightful

    Does it strike anyone else as odd that the Secret Service would deface a website in this manner?

    Odd? Unthinkable. Unless you had already rounded up every single important person in the group, why on Earth would you signal to them that they were under investigation? The tone and design looks more like some kid-in-a-basement-circa 2001 than US Government Office circa 2004.

    I call bullshit. More likely someone with the relevant passwords put that up when it became clear that they were under investigation.

  6. Re:Not very subtle! :) by Seventh+Magpie · · Score: 5, Insightful

    well lets think about this. 1) Take it down: 3972 members thinking "oh the site's just down temporarily" 2) Put up the cool USSS site: 3972 members scared for their lives so that they stop their illegal activities and turn themselves in to USSS. (Not to mention have a mental breakdown next time they see Mission Impossible!) Hmm..I think it's a damn good decision.

  7. Re:us secret service by marktaw.com · · Score: 4, Insightful

    I think that kind of thing is actually in your phone book.

  8. Let's hope it's as big as it sounds! by waterbear · · Score: 3, Insightful

    Absolutely this is the kind of case the law enforcers need to investigate and crack down on it hard.

    I'll wait with bated breath to see if they really did get the 'Mr Big's and can nail them.

    Unfortunately, it has occasionally turned out, with big organised crime operations, that the big guys really got away, and the criminal evidence against the others had crucial flaws, so that in the end, after years of delays and millions of taxpayers money in investigation costs and lawyers fees, even the smaller guys got off too.

    I really hope this isn't going to be another one of those. For the time being, we can hope that the cybercops have earned their credit here.

    -wb-