36 Indicted in Global Cybercrime Ring That Stole $530M (go.com)

← Back to Stories (view on slashdot.org)

36 Indicted in Global Cybercrime Ring That Stole $530M (go.com)

Posted by msmash on Wednesday February 7, 2018 @06:51AM from the justice-served dept.

U.S. prosecutors say 36 people have been indicted in connection with an international cybercrime ring that bought and sold stolen credit card information, leading to losses of more than $530 million. From a report: The Justice Department says Wednesday that the so-called Infraud Organization dealt in the large-scale acquisition and sale of stolen identities, credit card information and malware. Deputy Assistant Attorney General David Rybicki says it was "truly the premier one-stop shop for cybercriminals worldwide." He says the organization used an online forum on the dark web to sell financial and personal information. Investigators believe the organization's nearly 11,000 members targeted more than 4.3 million credit cards and bank accounts.

40 comments

Min score:

Reason:

Sort:

Learn for it! by Murdoch5 · 2018-02-07 07:05 · Score: 4, Interesting

This should show everyone how much security and validation is lacking in almost every aspect of our lives. The best thing to do, is to learn from what happened and evolve systems that can deal with the real threats. When security legs behind, you get scenarios such as this!
1. Re:Learn for it! by geekmux · 2018-02-07 07:31 · Score: 2, Insightful
  
  This should show everyone how much security and validation is lacking in almost every aspect of our lives. The best thing to do, is to learn from what happened and evolve systems that can deal with the real threats. When security legs behind, you get scenarios such as this!
  The first step to make systems more secure, is to punish those who have made them insecure.
  When punishment lags behind, you see these scenarios happen over and over and over again, because organizations and the people who lead them do not give a shit enough to invest in fixing the problem.
2. Re: Learn for it! by Anonymous Coward · 2018-02-07 07:38 · Score: 0
  
  You mean, learn that civility is crumbling and that modern civilization is doomed? Where is the trust?
3. Re:Learn for it! by Anonymous Coward · 2018-02-07 10:47 · Score: 0
  
  > When security legs behind, you get scenarios such as this!
  Security Legs help me run from lacking security! I do not need your learning, I have Security Legs!
4. Re:Learn for it! by xvan · 2018-02-07 10:52 · Score: 1
  
  Why the need for punishment?
  As long as the CC companies take the burden of fraud losses, they can keep the shitty system if it makes financial sense for them.
5. Re:Learn for it! by ScentCone · 2018-02-07 11:04 · Score: 0
  
  Oh look, the crying children have arrived.
  
  --
  Don't disappoint your bird dog. Go to the range.
6. Re:Learn for it! by Anonymous Coward · 2018-02-07 11:13 · Score: 0
  
  I, TOO, HAVE SECURITY LEGS
7. Re:Learn for it! by Murdoch5 · 2018-02-07 11:14 · Score: 1
  
  Punishing those who exploit the holes, doesn't solve the problem.
8. Re:Learn for it! by Anonymous Coward · 2018-02-07 13:40 · Score: 0
  
  Why the need for punishment?
  As long as the CC companies take the burden of fraud losses, they can keep the shitty system if it makes financial sense for them.
  The problem is that they don't fully shoulder the burden of fraud losses. The inconvenience and side effects for the consumer who is involved, even when the credit card company proactively detects the fraud, contacts the consumer, and sends them a new card overnight, is still a burden that they don't compensate for.
9. Re:Learn for it! by Enigma2175 · 2018-02-07 13:46 · Score: 1
  
  Sure, that works fine for credit cards but the whole financial industry has shitty security when it comes to authenticating users. When someone takes out a loan in my name using information obtained from the Equifax breach (a company with whom I have no business relationship), what is my recourse? It's not like I can choose to patronize another company. Perhaps if companies were punished for such breaches then they would pay more attention to security.
  
  --
  Enigma
10. Re:Learn for it! by geekmux · 2018-02-08 01:54 · Score: 1
  
  Punishing those who exploit the holes, doesn't solve the problem.
  I said punish those who make the systems insecure in the first place. I'm talking about leaders of organizations who don't give a shit about investing in proper security, to include hiring properly trained staff and recognizing that a CSO has every right to tell even the CEO no if the situation demands it. And that CEO should fucking respect that justified decision.
  A lack of priority and respect for security is why we continue to have these discussions over and over and over again.
11. Re:Learn for it! by Murdoch5 · 2018-02-08 01:58 · Score: 1
  
  Fair enough and I totally agree. It's not just on the CSO, it's also on the CTO and I've seen FAR to many massively unqualified CTO's, who I wouldn't let watch a VTech kids notebook.
12. Re:Learn for it! by mjwx · 2018-02-08 02:34 · Score: 1
  
  This should show everyone how much security and validation is lacking in almost every aspect of our lives. The best thing to do, is to learn from what happened and evolve systems that can deal with the real threats. When security legs behind, you get scenarios such as this!
  Ooooh, and a unicorn. I'd also like a unicorn.
  
  We have many simple ways to secure money in our lives like one time passcodes which will eliminate most card fraud. The problem is that it will reduce credit card usage as people will find cash less annoying than having to enter a passcode to buy something online. Given that credit card companies and banks make money from transactions (they take it from the merchant and threaten the merchant with lawyers if they tell you about it) a drop in usage is a significant drop in profit. Right now they're making significantly more than they're losing in fraud (which is an excuse to put fees up, for you and the merchant).
  
  Even now with contactless cards, I have an app on my Android phone that can get your card number, name and expiry date (everything I need to do an online transaction) just by waving my phone near your cards. Security researchers demonstrated this in 2012, have banks done anything? Hell no, I'm willing to bet that most card numbers harvested now are via contactless.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
13. Re:Learn for it! by Murdoch5 · 2018-02-08 03:26 · Score: 1
  
  I can't speak for the general public, but I always disable "flash" or "tap" on my cards. If I don't have to enter a passcode to use my card, then I shouldn't be using it.
No only 350 million by Anonymous Coward · 2018-02-07 07:23 · Score: 0

More to get.
Motivation... by Oswald+McWeany · 2018-02-07 07:30 · Score: 3, Interesting

There have been studies in the past to see what motivates people to NOT break the law.
To prevent people breaking the law, raising the sentence or the punishment tends to have little impact. What does have impact is raising the chance that you will get caught. You can hand out life sentences for people stealing candy bars and it would prevent fewer people stealing them than if you embedded a security chip into the wrapper or had a policeman standing next to the candy bar at all times watching it.
Punishment doesn't deter people- chance of getting caught does.
This is the problem with cybercrime. You can put any punishment on committing a crime and it won't stop many people doing it because; cyber criminals know there is almost no chance they will ever get caught. Cybercrime is only going to get worse because there isn't an effective way to police it; so people need to be increasingly vigilant about security.

--
"That's the way to do it" - Punch
1. Re:Motivation... by LeftCoastThinker · 2018-02-07 07:46 · Score: 0
  
  So by your logic, if we caught every criminal and then gave them a stern warning, that would deter all crime... That makes no sense.
  The truth is that serious penalties combined with a high likelihood of getting caught are what deters crime. Additionally, life sentences and death penalties eliminate RECIDIVISM which at least in the US pushes above 70% in 5 years, meaning we could significantly reduce crime rates with more life sentences for serious crimes.
  
  --
  If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
2. Re:Motivation... by Oswald+McWeany · 2018-02-07 08:00 · Score: 1
  
  So by your logic, if we caught every criminal and then gave them a stern warning, that would deter all crime... That makes no sense.
  The truth is that serious penalties combined with a high likelihood of getting caught are what deters crime. Additionally, life sentences and death penalties eliminate RECIDIVISM which at least in the US pushes above 70% in 5 years, meaning we could significantly reduce crime rates with more life sentences for serious crimes.
  I'm not saying that. But if we caught every criminal and gave them one year in jail it would deter a lot more than if we only caught 5% of them- and gave them life sentences.
  
  --
  "That's the way to do it" - Punch
3. Re:Motivation... by Anonymous Coward · 2018-02-07 08:09 · Score: 0
  
  "Cybercrime is only going to get worse because there isn't an effective way to police it"
  O Rly? Welcome to the era of the cloud. Anyone not on it is suspect.
4. Re:Motivation... by Anonymous Coward · 2018-02-07 08:10 · Score: 1
  
  The best prevention is warning them that their mom will find out.
  Works every time! Why do we even have prisons?
5. Re:Motivation... by Anonymous Coward · 2018-02-07 10:32 · Score: 0
  
  The truth is that serious penalties combined with a high likelihood of getting caught are what deters crime.
  
  I would debate that. At some point, the penalties become the same. For example, is my life really any more ruined if a) I am given the death penalty, b) I am given life in prison, c) I am given a long time in prison, or d) I went to prison for a short time, but now have to rebuild my life from scratch because I have no house, job, or prospects?
  In any of these cases my life and reputation are destroyed. If I get away with it, I'll be ahead. Thus what truely needs to be avoided is being caught. When your choices are limited, questionable choices with possible bad consequences look like a better gamble. And when the consequence is "your life will be ruined" - does the manner of how your life was ruined make that much of a difference? It's still ruined.
  Society teaches us this now. Take a look at Uber for example, or Volkswagon, or most entrepreneurs' lives. Lie, cheat and steal - just don't (personally) get caught.
6. Re: Motivation... by ScentCone · 2018-02-07 11:06 · Score: 1
  
  So, what you're saying is that you can't actually refute anything he's saying, so you're going to act like a whiny little anonymous child coward ... but one who actually agrees with what he says, since you're unable to refute it.
  
  --
  Don't disappoint your bird dog. Go to the range.
7. Re:Motivation... by Anonymous Coward · 2018-02-07 11:21 · Score: 0
  
  70% in 5 years? Citation needed.
8. Re:Motivation... by Anonymous Coward · 2018-02-07 13:51 · Score: 0
  
  That is right. The key is that raising the probability of getting prosecuted successfully and promptly to somewhere well above 50% is a prerequisite to getting any sort of deterrence out of punishment. Once getting caught is likely, then moderate punishment (and a stern warning does not constitute punishment; you need something where the punishment multiplied by the probability of getting caught significantly exceeds the benefit of getting away with the crime) will be at least a minimally adequate deterrent.
9. Re: Motivation... by Anonymous Coward · 2018-02-07 15:37 · Score: 0
  
  This is what I am talking about.
we're still doing the cyber thing? by Anonymous Coward · 2018-02-07 07:32 · Score: 0

can't it just be crime?
more payments happen electronically (ooooo cyberspaec) than traditionally (boooo meatspase)
1. Re: we're still doing the cyber thing? by Anonymous Coward · 2018-02-07 07:56 · Score: 0
  
  A/s/l?
I use APK's host file am I safe? by Anonymous Coward · 2018-02-07 08:33 · Score: 0

I use APK's hosts file engine am I safe? Should the institutions who this information was stolen from have used APK's hosts file engine to prevent the incursions into their systems? I really need to hear from APK so that I can get reliable and timely InfoSec advise on how to handle threats like this.
16 out of 11,000 members? by Bratch · 2018-02-07 09:14 · Score: 1

Only 16 out of nearly 11,000 members? I guess it's a start, but they still have a long way to go.

--
Beware of the Redittor who loans you a Sharpie.
What a shame by Lucas123 · 2018-02-07 09:16 · Score: 1

Thirty-six people were indicted out of 11,000 who stole more than half billion dollars. The lack of morality among these thousands of criminals is shocking. "In Fraud We Trust" is their motto. I wish every single one of them could see time behind bars.
1. Re:What a shame by xvan · 2018-02-07 10:55 · Score: 1
  
  Those 11000 were "clients" purchasing the CC numbers, not the one suppliers.
2. Re:What a shame by xvan · 2018-02-07 10:57 · Score: 1
  
  And 11000 was, probably, the number of accounts. Ie, not every ebay user has done at least one transaction,
Crime by odin24seven1774 · 2018-02-07 11:33 · Score: 1

It's only a crime cause we say it's a crime. First you make the criminal then punish the criminal. I would like to know if they are out side of the US. If they are then it would only be a crime if the country there in has laws against what they did. I for one don't give a shit about crimes against Non people. If it doesn't heart the individual then I'm all for it. It's only crimes against people that bother me. We have let the corporate world take over the world and tell us how to act and think we are all sheep. I hope one day the many people of the earth will take it back from the few that are controlling US ALL. Peace
1. Re:Crime by Anonymous Coward · 2018-02-07 12:41 · Score: 0
  
  Ignorant rant you got there.
  Taking something from another without their permission is considered a crime among even among non-human species.
2. Re: Crime by Anonymous Coward · 2018-02-07 15:18 · Score: 0
  
  Corporate America commits criminal acts all the time and they always get away with it very few people at that level ever get punished. Yet the individual gets punished more than anybody. How many wealthy American criminals actually ever see the inside of jail. So now who's ignorant.
They beat every government by Anonymous Coward · 2018-02-08 01:30 · Score: 0

but they were dumb enough to come to Vegas.
Really, that's all there is to the story.
There's a list decades long of scams that were busted when they came to Vegas.
Wearable computer?
Busted 40 years ago.
Next.