British police arrested three people and shut down 36 criminal-owned web domains on Friday, as part of a two year long international anti-fraud investigation by the UK's Serious and Organised Crime Agency (SOCA), the FBI and the US Department of Justice.
As part of the raids, 36 e-commerce websites used by cybercriminals to sell stolen credit card and bank account data were shut down, with all of them now redirecting to SOCA's "seized by law enforcement" takedown page. Law enforcement officials at SOCA estimate the card details seized could have been used to extract more than £500 million ($812m) by the fraudsters.
The three men are suspected of making large scale purchases of stolen credit card information from websites specializing in the sale of stolen payment card and online bank account details. Alongside the arrests, the UK's Dedicated Cheque and Plastic Crime Unit (DCPCU) has also seized a number of computers used to facilitate the offences under powers granted by the Fraud Act.
The arrests were far-reaching, with the Macedonian Ministry of Interior Cyber Crime Unit also arresting an Automated Vending Cart (AVC) e-commerce operator in the country, believed to be involved in the criminal enterprise. The joint task force, which also includes law enforcement officials from Germany, the Netherlands, Ukraine, Australia and Romania has so far seized over 2.5 million items of "compromised personal and financial information" over the course of the last two years.
With card theft on the rise, it appears that fraudsters are turning increasingly to automated methods of selling the proceeds of their thefts, according to SOCA. This has seen an increasing number of e-commerce websites using AVCs deployed in order to sell off spoils in a more industrialized fashion. Some of the stolen credentials were being sold for as little as £2 each on the criminal websites.
"This operation is an excellent example of the level of international cooperation being focused on tackling online fraud. Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime," Lee Miles, head of Cyber Operations at SOCA said in a statement.