Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive Online ID Fraud Ring Busted

Posted by CowboyNeal on from the shakedown-breakdown dept.

Iphtashu Fitz writes "CNet News is reporting that the US Secret Service in conjunction with authorities in six foreign countries have arrested 28 people in the last 48 hours on charges of identity theft, computer fraud, credit card fraud and conspiracy. Dubbed Operation Firewall, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria. The investigation started in July 2003 when the Secret Service began investigating an unspecified financial crime. They identified the website Shadowcrew.com whose members traded tutorials and information about identity theft and forgery and exchanged sensitive personal and financial information. The Shadowcrew website has since undergone a makeover thanks to the Secret Service. A press release about the operation can also be found on their website."

37 of 353 comments (clear)

  1. This is pretty big! by Seventh+Magpie · · Score: 3, Informative

    Hey this is the kind of case law enforcement needs. Take down the big boys. As much as some of you like to flame the USSS, you gotta give them credit for this one!

    1. Re:This is pretty big! by Anonymous Coward · · Score: 3, Funny

      USSS?

      United Soviet Socialist States? I didn't know Bush had gone that far just yet.

      oh, United States Secret Service. Still, you have to wonder about a secret government organization using 'SS' as its designation...

    2. Re:This is pretty big! by FrYGuY101 · · Score: 3, Funny

      The United States Secret Service was formed in 1865. The Schutzstaffel was formed in 1925.

      Under your logic, were I to form a terrorist group and name it "John Kerry", he should have to change his name.

      Shit. I just named a presidential candidate, Nazi orginization, AND the word 'terrorist' in the same post... oh well, the NSA was slashdotted earlier, I'm sure they won't be coming to get me, I'm safe here in..@#%#$%34j[CARRIER LOST]

      --
      "If we let things terrify us, life will not be worth living."

      - Seneca
  2. We need more action on identity theft by mind21_98 · · Score: 4, Insightful

    Identity theft can destroy people, literally. Not to mention the years it could take to clean up the damage. This is excellent, and hopefully more busts will follow. :)

    --
    US businesses that currently accept chip and PIN/signature
    1. Re:We need more action on identity theft by kentmartin · · Score: 5, Funny

      Identity theft can destroy people, literally.

      Identity theft, the worlds leading cause of spontaneous human combustion. Four out of five leading physicists agree.

    2. Re:We need more action on identity theft by AndroidCat · · Score: 3, Funny

      That happened to me once! I got better.

      --
      One line blog. I hear that they're called Twitters now.
    3. Re:We need more action on identity theft by Proteus · · Score: 3, Informative
      Identity theft should be a capital offense. Life sentences should be the minimum punishment.
      Your so-called "Identity Theft" is actually something that's been around for a long time: fraud. In this case, financial fraud by impersonating another person.

      Fraud already carries some serious penalties -- the new wave of fraud has more to do with the difficulty of tracing someone who obtains personal information for the purposes of fraud using the Internet. We now have people capable of defrauding others from distant countries. I think we're much better off spending time and money on improving forensic abilities, requiring creditors and vendors accepting credit to implement better security measures, and educating consumers about how they can protect themselves.

      The punishment for identity fraud should be:
      • Restitution of funds gaind by fraud, by 200% (defraud me of $6000, pay me $12000 back)
      • Required to contact defrauded creditors, with a monitoring justice agent, and clear the accounts
      • Denied credit for a term of 20 years
      • For "grand" fraud (over $20000), some prison time
      • Fines constituting 20% of funds defrauded, the majority of which enforcment agencies can keep.


      Those might help agencies develop better security and forensics, which leads to more criminals being caught. When people are actually getting caught, then the penalties are actually effective deterrents.
      --
      We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
  3. Not very subtle! :) by evenprime · · Score: 4, Funny

    The fed-version of their website is priceless. I especially like the music and the picture of hands reaching through the bars of a jail cell.

    --

    "Weapons should be hardy rather than decorative" - Miyamoto Musashi
    I think that goes for OS's too
  4. Yes, but... by IceFreak2000 · · Score: 5, Funny

    ... how long before the US Secret Service gets served a writ by the RIAA for damages related to the use of the Mission Impossible theme tune? ;)

    --
    Life is like a sewer; what you get out of it depends on what you put into it...
  5. The top secret stamp effect by Eudial · · Score: 4, Funny

    Morons. If you want to conspire, wouldn't it be smart to do it somewhere with a wee bit less conspicuous name than shadow crew?

    --
    GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
  6. Crafty buggers by upside · · Score: 3, Funny

    "...a group of people who stole ... a passport-forging facility in Bulgaria."

    Sorry, just had to nitpick. ;)

    --
    I'm sorry if I haven't offended anyone
  7. us secret service by marc252 · · Score: 5, Funny

    I like the phrase:
    "CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!"
    Yeah! like I know where the local offices are :-) Aren't they supposed to be secret?
    Is it like a franchise? You get macdonalds and right next to it "your local us secret service office"!
    Great!

    1. Re:us secret service by marktaw.com · · Score: 4, Insightful

      I think that kind of thing is actually in your phone book.

  8. slashdot by Neo-Rio-101 · · Score: 5, Funny
    The Shadowcrew website has since undergone a makeover thanks to the Secret Service.

    ...and now a free slashdotting to finish them off.

    --
    READY.
    PRINT ""+-0
  9. Too funny... by Omniscientist · · Score: 3, Interesting
    I am no friend of identity theft, and I'm glad to see this happen.

    I find the website hilarious, especially the bottom line:

    "RECENT NEWS REPORTS SHOULD INFORM YOU THAT THE SECRET SERVICE IS INVESTIGATING YOUR CRIMINAL ACTIVITY. CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!"

    That is a hilarious signature they have left, but this seems so funny that I'm actually surpised that the Secret Service is having this much of a ball on the website, not something I expect, but like to see!

  10. One step towards security by Dancin_Santa · · Score: 5, Insightful

    What I would really like, more than the arrest of identity thieves, is the entire identification system become more immune to this kind of theft. By simply eliminating the suspects, the actual threats posed by them have only been reduced in number, not in level of threat. All those identity insecurities still exist in the system waiting to be taken advantage of the next time some palooka decides it's worth it to skim off a few credit card numbers.

    I surely don't have the solution to fix the identity theft problem. In fact, I would leave it to my colleagues here at Slashdot who are much more knowledgable about security issues than I am to hammer out the fine details of a more secure system.

    As we become more dependent upon our identification numbers, credit card numbers, social security numbers, and every other number which identifies and tracks us, we open ourselves up to this kind of identity theft threat. The solution is not simply to lock up the perpetrators, it must be a technical solution which makes it difficult or impossible to steal an identity.

    1. Re:One step towards security by LoadWB · · Score: 3, Insightful

      Something which really irks me is how many of my accounts require that I provide my SSAN over the phone as proof of my identity. My SSAN appears on countless documents throughout my life, most of which have passed through insecure hands, and some probably misplaced or lost so others can read them. Primarily this includes my military medical documentation (as my sponsor, my father's information is more prominent on these, though my SSAN is used in documents from my early 20's,) and my college documentation.

      I deal with a number of companies which use my SSAN as the "key" to my account, some which (supposedly) supplant it with a passphrase -- though a representative of one company told me that if I couldn't remember my passphrase she would accept my SSAN! This completely goes against my reason for having a passphrase on the account in the first place! I will not go into detail about with which companies I have accounts covered by this policity, but suffice to say that just about every service I am provided suffers in this way.

      Like the parent, I cannot myself come up with a feasible system for replacement. I even had one company rep ask me what I would prefer to use, I answered "I don't care, just not my [SSAN]." Not necessarily true, since some companies ask for information which can be read directly off a stolen or misdirected envelope.

      None-the-less, the current system IS broken and IS too easy to subvert. I find that too many entities look to the end user for solutions to their problems, as illustrated by the above question posed to me. I am sorry, but it is not the customer's responsibility to provide a fix to a company's broken procedures; the company itself should invest whatever it takes to ensure its customer/client safety, regardless of the cost.

      Personally, I would opt to pay more for a service which made it more difficult to access my account information. If more companies provided a service like this, eventually it would become the norm and the price of such secure service would settle back down due to competition.

      I do feel the need to address something I provided in my introduction: college documentation. Something as simple as classroom roll sheets is a problem. In more than one class I have attended a sheet of paper was passed around the class (proof of attendance, clarification of class enrollment, or whatever) on which a student was to print his or her name, SSAN, and then sign. Need I say more? Put all of these elements together and think about our personal security. Even I wrote my SSAN on such documents until later in my college life when I thought better of this practice. Only once did my refusal cause a problem, and I ultimately won the argument in front of college administration.

  11. Shame on you... by dbCooper0 · · Score: 3, Funny
    I clicked on the link...twice even...now I'm earmarked for Federal Investigation, like I need that in my humble, growing-something-in-the-basement life I try to live.

    Shame on you, Slashdot!.

    My life is in despair because of you!

    --
    db
    Cig:
    ôô
    /`
  12. ShadowCrew "Joe Jobs" by alanw · · Score: 4, Informative
    Shadowcrew has its very own entry in the Snopes Urban legends page, after being the subject of "Joe-Job" e-mails claiming that "your credit card has been charged $149.95 for child pornography"

    One can only wonder who was responsible. A rival group of fraudsters perhaps, or someone trying to bring them into further disrepute?

  13. Gov't HTML by nadaou · · Score: 4, Funny

    The Secret Service has not yet learnt how to decode the untold mysteries of the
    apparently.

    --
    ~.~
    I'm a peripheral visionary.
  14. Re:Not very subtle! :) by metlin · · Score: 4, Funny
    LOL!

    From the source-code of the site --
    <meta http-equiv="Content-Language" content="en-us">
    <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    No wonder -- the word ShadowCrew does not render properly in Firefox =)

    Come on you guys at Secret Service!!! Use a good browser guys ;-)
  15. Re:Jurisdiction by tristan-jt2 · · Score: 5, Informative

    I'm not a US citizen, so I may well be mistaken, but the USSS is part of the Department of Treasury. One of their better known mission is to deal with couterfeit money (beside of protecting the POTUS).

    Since ID theft has the potential of screwing up the financial system in a rather major way, I'm not too surprised they got involved on that case.

    Anyway, the idea of "defacing" the site was bloddy brilliant. It gives the strong message that the Law can get to the frauders level in order to catch them. I'm pretty sure the message got through to a few people in a much stronger way than a simple press release would have.

  16. Slashdotted! by z1d0v · · Score: 3, Insightful

    How long will the will they take to check on all Slashdotters that clicked on the link? I think we just made their job just grew up a bit! :)

  17. copyright infringement by the secret service by bani · · Score: 4, Insightful

    now watch the RIAA prosecute the secret service under the DMCA for illegally distributing copyrighted music through a website operated by the secret service...

  18. Note to self by yo303 · · Score: 5, Funny
    During the course of the investigation, computer underground criminal groups were identified as Shadowcrew, Carderplanet and Darkprofits.
    I must remember to make my criminal activity website a little more innocent-sounding the next time.

    Darkprofits and Shadowcrew.com? Come on.... they should have gone with shinyfunplace.com or fluffylegitimateactivity.com...

    What do you expect to happen if you run imgoingtokillthepresident.com? Happy fun time?

    yo.

  19. Re:Jurisdiction by bani · · Score: 4, Informative

    the secret service investigate and prosecute forgery. read it on their web site:

    http://www.secretservice.gov/investigations.shtm l

    "The Secret Service was established as a law enforcement agency in 1865. While most people associate the Secret Service with Presidential protection, our original mandate was to investigate the counterfeiting of U.S. currency--which we still do . Today our primary investigative mission is to safeguard the payment and financial systems of the United States. This has been historically accomplished through the enforcement of the counterfeiting statutes to preserve the integrity of United States currency, coin and financial obligations. Since 1984, our investigative responsibilities have expanded to include crimes that involve financial institution fraud, computer and telecommunications fraud, false identification documents, access device fraud, advance fee fraud, electronic funds transfers, and money laundering as it relates to our core violations."

  20. Re:Defacement? by jimicus · · Score: 4, Insightful

    Does it strike anyone else as odd that the Secret Service would deface a website in this manner?

    Odd? Unthinkable. Unless you had already rounded up every single important person in the group, why on Earth would you signal to them that they were under investigation? The tone and design looks more like some kid-in-a-basement-circa 2001 than US Government Office circa 2004.

    I call bullshit. More likely someone with the relevant passwords put that up when it became clear that they were under investigation.

  21. Re:Not very subtle! :) by Seventh+Magpie · · Score: 5, Insightful

    well lets think about this. 1) Take it down: 3972 members thinking "oh the site's just down temporarily" 2) Put up the cool USSS site: 3972 members scared for their lives so that they stop their illegal activities and turn themselves in to USSS. (Not to mention have a mental breakdown next time they see Mission Impossible!) Hmm..I think it's a damn good decision.

  22. Re:Not very subtle! :) by balster+neb · · Score: 3, Informative

    The site seems to be slashdotted or something (doesn't load). Mirrordot to the rescue:
    http://www.mirrordot.com/stories/837e41d1433a26838 15e933bda4b46bd/index.html.

    And as for the background sound, the site uses the nonstandard bgsound tag, which will work in IE. It's the theme from Mission: Impossible.

    Classic stuff.

  23. Re:Clicking on shadowcrew link = being investigate by ivan37 · · Score: 4, Funny

    I can see the headline now:

    "Hundreds of thousends of nerds arrested for suspicion of identity theft"

    Yep - you are going to be arrested within an hour of visiting the site because of the Patriot Act and then you will be sent to Cuba within a day and held as an enemy combatant.

    Here's a fun trick: Go to your friend's house and ask if you can check your email quick from their computer and visit the site. Sit across the street and laugh as unmarked vans take your friend away.

  24. Want to see what it looked like before? by Foresto · · Score: 3, Informative

    I think the site is now slashdotted, but the wayback machine reveals a bit of what it used to look like.

  25. Let's hope it's as big as it sounds! by waterbear · · Score: 3, Insightful

    Absolutely this is the kind of case the law enforcers need to investigate and crack down on it hard.

    I'll wait with bated breath to see if they really did get the 'Mr Big's and can nail them.

    Unfortunately, it has occasionally turned out, with big organised crime operations, that the big guys really got away, and the criminal evidence against the others had crucial flaws, so that in the end, after years of delays and millions of taxpayers money in investigation costs and lawyers fees, even the smaller guys got off too.

    I really hope this isn't going to be another one of those. For the time being, we can hope that the cybercops have earned their credit here.

    -wb-

  26. Re:I love to see the bullies bite the dust. by Deekin_Scalesinger · · Score: 5, Interesting

    In Soviet Russia, the Secret Service local field office contacts YOU before you contact them!

    Back on topic, at my last job I worked with the FBI and Secret Service on bank fraud, kiddie porn, etc cases that were hosted on our web servers. Think what you may about them, but they really have their shit together on these types of events and are dead eager to get the offenders in question. The smart person, if they are trying to do anything highly illegal, would do well to go about their business without using the internet. Once you get the attention of the Feds, its usually lights out for the perp. One case I assisted with was a conspirancy ring involving the sale of illegal guns in the UK, using a US based hosting company (my old job). That case broke earlier this year with several arrests and the destruction of the ring. Scotland Yard was the lead on it with backup from the FBI, with cheerful cooperation from us. Our policy was not to go "fishing" for questionble content on our web servers, but once we were made of illegal activity we would preserve evidence and work with the authorities. I've seen pictures on some website that puts tubgirl to shame, usually involving kids. Made me happy when the Feds would follow up with us and would tell us that they got their man (or men)...

    --
    "As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
  27. Fraudulent transactions by SamMichaels · · Score: 4, Interesting

    I was recently brought on to an e-commerce project...day 1 was stopping the fraudulent orders being sent to Malaysia or to the drop sites in the US. All it takes is a 30 second call to the card company to get the issuing bank's number...99% of the bad cards were verified as stolen from the bank. One card wasn't reported as stolen yet...yay for me.

    If Paypal, IIS, etc can figure out key encryption, why can't we?

    1) Credit card company creates keys and issues it to the customer...the card number is replaced by a number identifying the key.
    2) Payment request certificates are sent to the customer who either signs it or doesn't sign it.
    3) Transactions are encrypted using keys....you, your bank, the merchant and the card company can decrypt the info, no one else.

    Didn't I just describe SSL/GPG? Oh wait..I did.

    It boils down to this: if you can't handle the technology (aka keep spyware off your machine, keep it updated, and keep your card number safe), DON'T USE THE TECHNOLOGY. Write a check...but of course, that's digitized now thanks to Check 21...that old technology will be deprecated very soon in favor of direct debit.

  28. Re:Not very subtle! :) by Mysticalfruit · · Score: 3, Funny

    that probably depends on which "port" Bubba uses for input/output and at what baud rate...

    --
    Yes Francis, the world has gone crazy.
  29. Re:This is pretty big!--The Feds missed one! by Anonymous Coward · · Score: 3, Interesting

    I just sent a complaint email to the abuse team responsible for Net access at a particular USA educational institution that is now hosting, at time of writing, a fake eBay 'phish' site. Presumably, it's just a compromised system cracked by outsiders--if not, then somebody there at said institution has got some 'splaning to do!

    The Feds may pay lip service to the spam email problem with Band-Aid approaches like the CAN-SPAM Act, but fvck with the USA money supply (via ID theft in this case) and they will take notice!

  30. Re:Wait by xThinkx · · Score: 5, Funny

    Apparently they stole several tags as well. Be on the lookout...

    --
    Let's get one thing perfectly clear, I did not vote for George W Bush, and I do not endorse what he does or says.
    "