Saturday, March 24, 2007

FBI is going after Internet crime in Russia and Romania

A lot of experts believe that carder forums (selling stolen personal and financial details) are run overseas by Romanian and Russian organized crime.

Nate Anderson (ars technica) wrote an interesting article about this, where he said:

One American in Virginia, who goes by the Internet nick "John Dillinger," agreed to cooperate with "vendors" from Eastern Europe. These groups "acquired" credit card numbers, then sent them by e-mail and instant message to Dillinger, who then encoded them onto credit cards. He then took these credit cards to ATMs and made cash withdrawals; a percentage of the money was then sent back to the "vendor" and Dillinger kept the rest. Dillinger was eventually busted by the feds, though, and was sentenced in February 2007 to 94 months in jail.

This is a good example of how the Internet is enabling a global identity theft crisis.

Apparently, the problem is big enough for the FBI to send assets to Romania and Russia to go after the problem.

Of course, since most of the stolen information comes from the West, I guess that it means the Russians and Romanians are sending assets abroad or recruiting them there, also.

Nate's article, here.

In the past few days, 6 arrests in Florida are being tied into the TJX data breach (which might be the largest known compromise) to date.

Although, no one seems to be saying for sure, I doubt the six arrested are the main players in the TJX breach. They probably purchased the information, elsewhere.

The total damage being reported in the Florida case is $8 million. The case was identified when the perps made some (extremely) large gift card purchases.

Maybe that's why they got caught, or they got (slightly) greedy?

IT also probably isn't entirely fair to keep publishing the TJX breach. Personal and financial details have been stolen from a LOT of places. The known places can be viewed at, here.

This is a global problem and it's going to take a global effort to put a stop to it!


Shelly said...

Hi. I really like your blog. Was wondering if you want to add it to my directory? Thanks Shelly

Jeremy said...

Personal information was also at risk in some of the outsourced call centers in India. The problem existed where employees would write down credit card information and either use it themselves or sell it on the street. In some cases this caused some American companies to think twice about outsourcing further because they couldn't guarantee the safety of their customer's credit card information.

Ed Dickson said...

Personal information is at risk everywhere. TJX just filed with the SEC and understated (reported only what they knew for sure) that 47.5 million records were compromised.

Most experts believe the true number is substantially higher.

Besides major hacking incidents, payment cards are skimmed all over the US and Europe with devices that can be bought on eBay. If eBay isn't good enough - there are even hacking sites (, which specialize in selling the hardware.

These devices (easily bought)can be planted on point of sale systems, ATM machines and there are portable ones used by employees at restaurants. Some of them use wireless technology.

There are dishonest employees everywhere - retailers, banks and call centers. Gangs even plant personnel in these places to steal information.

We can blame India, but the truth is they are moving very quickly to enact legislation to protect their information. Sadly, much faster than we are.

We might stand to learn from their example.