US Secret Service has arrested 19 people across nine states last week. The individuals were allegedly involved in buying and selling stolen debit and credit card information on a website called Carder.su, according to a press release on Friday.
Based in Las Vegas, five people were arrested in Las Vegas, and 14 more were arrested in California, Florida, New York, Georgia, Michigan, New Jersey, Ohio and West Virginia. The individuals are charged with conspiracy, racketeering and production and trafficking in false identification documents and access device cards, and were also allegedly involved in trading counterfeit documents and stolen bank account information.
The arrests come a couple of weeks after the FBI arrested five members of the hacking group LulzSec, after working with alleged LulzSec leader and FBI informant Sabu. At the end of February, Interpol announced that police in Europe and South America had arrested 25 alleged hackers as part of Anonymous.
It is unclear where the organization stole the information from, but any site owner that stores or processes credit card information may be interested in how this happened, and the investigation may point out some holes in the online credit card security process.
Whether or not the sites where the alleged criminals stole the information from were encrypted, or if they complied with PCI DSS requirements, remains to be seen. It would be interesting to see what kind of reprucussions there are for websites that request credit card information that fail to comply with PCI DSS.
While selling stolen credit card and bank account information certainly seem to be a substantial portion of the organization’s criminal activities, the group was also allegedly involved in stealing PayPal accounts. As online consumers use different methods to make online purchases, security providers have to adapt, though this is certainly not the first time PayPal has been linked to security and phishing issues.
The US Secret Service expects to arrest more individuals, as 50 people are charged in the investigation, called “Operation Open Market.” Authorities are in the process of finding defendants named in three sealed indictments. This is the first cybercrime case to result in a Racketeer Influenced Corrupt Organization indictment, the US Secret Service says.
Authorities executed a number of search warrants on Friday at the residences of several defnedants and seized electronic media, counterfeit credit card manufacturing plats and an ATM machine.
The leaders of the organization also alledgedly tested and provided reviews of services like money laundering, and stolen account data dumps from Europe, the Middle East, Asia and the US, according to the Wall Street Journal.
Talk back: How do you protect your customers from credit card fraud? Does your organization comply with PCI DSS? How do you think security providers need to adapt to new threats? Let us know in the comment section.