US law enforcement officials have arrested 24 suspected hackers, as part of a sting operation which spanned four continents and targeted online financial fraud.
In a two-year investigation, FBI agents posed as hackers on Internet forums, watching as other hackers swapped methods for breaching data security walls and creating fake credit cards that would work for Internet and in-person purchases.
The probe prevented $205 million in possible losses on over 411,000 compromised consumer credit and debit cards, US authorities in New York said.
Eleven people were arrested in the United States, the Federal Bureau of Investigation and the Manhattan US Attorney's office said. The thirteen others were arrested in countries from Britain to Japan and officials in Australia also conducted searches.
"Clever computer criminals operating behind the supposed veil of the internet are still subject to the long arm of the law," Manhattan US Attorney Preet Bharara said.
During the operation, the FBI said, it monitored the hackers' activities and contacted multiple institutions to show them how to repair their security breaches and protect themselves.
No credit card companies or banks were named in Tuesday's court documents.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The 24 people arrested were all men aged 18 to 25. Some face up to 40 years or more in prison if convicted on conspiracy to commit wire fraud charges and access device fraud charges.
The FBI operation centered around a "carding forum" that it had secretly created in June 2010, and was in charge of running unbeknownst to its participants, authorities said.
The forum, called "Carder Profit," was essentially an online market for registered users to exchange stolen account numbers. It was shut down in May.
Two people were arrested in the New York area and were later released on bail after appearing in Manhattan federal court.
One of the men, Mir Islam, known online as "JoshTheGod," was charged with trafficking in 50,000 stolen credit card numbers. Authorities said Islam had admitted to helping emerging hacker outfit UgNazi, which said it had launched a cyber attack against the microblogging platform Twitter last week.
Islam, 18, who lives in the New York borough of the Bronx, appeared before US Magistrate Judge James Francis in flip-flop sandals and jeans. His parents, who are from Pakistan, watched the proceeding from a back bench. Islam was released on a $50,000 bond.
Fellow Bronx resident Joshua Hicks, 19, also known as "OxideDox," was charged with one count of access device fraud. Wearing red basketball shorts, Hicks was released on a $20,000 bond after a brief hearing before the same judge.
Meanwhile on Tuesday, the US Federal Trade Commission filed a complaint against Wyndham Worldwide and three subsidiaries, alleging that the hotel operator failed to keep customer data secure.
That failure resulted in the theft of hundreds of thousands of consumers payment card numbers, which were sent to an Internet address registered in Russia and $10.6 million in fraudulent charges, according to the complaint.
The cases are US v Joshua Hicks and US v. Mir Islam, U.S. District Court for the Southern District of New York, Nos 12-1639 and 12-1701
ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.
For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.