Infraud Organization was an international cybercrime organization, operating between October 2010 and February 2018, that was involved in carding, stealing personal credit cards and online banking information.[1] The organization was created by Svyatoslav Bondarenko, a 34-year-old man from Ukraine. In February 2018, authorities in the United States indicted 36 individuals involved with the organization on charges of racketeering, conspiracy, possession of 15 or more access devices, and aiding and abetting. [2] As of February 2018, 13 of the 36 have been arrested. The US Justice Department stated that as of March 2017, the organization had 10,901 registered members[1] and was the "largest cyber fraud enterprise prosecutions ever undertaken by the Department of Justice" and had resulted in $530 million in actual losses, with an estimated $2.2 billion in intended losses.[3]

Infraud Organization
FormationOctober 2010
DissolvedFebruary 2018
TypeCriminal organization
Location
  • International
ServicesCarding
Membership
10,901

Presently (01/22/2022)

History

edit

The organization was formed by Svyatoslav, a 34-year-old man from Ukraine. He intended for the organization to grow into the internet's largest carding group.[1] The website was a place where vendors could advertise stolen or counterfeit credit cards or related items. According to the indictment, the first vendor to advertise their items was Muhammad Shiraz who advertised large dumps of stolen credit card details for sale.[3]


At the time of the date (1/22/2022)

FSB arrested members of this organization

According to the card file of the Tverskoy Court of Moscow, Andrey Novak was sent to a pre-trial detention center yesterday. TASS calls this person the alleged founder of the hacker group The Infraud Organization.  The operation was carried out with the assistance of American intelligence agencies, who were looking for him on charges of cyberfraud.

According to media reports, three more alleged members of the group were placed under house arrest.

A case was initiated against Novak under Part 2 of Art. 272 of the Criminal Code of Russia (illegal access to computer information).

Organization Roles

edit

The organization was split into different roles, the administrators, the super moderators, the moderators, vendors, VIP members and members.[2]

The administrators served as the governing council of the group, initially made up of "reputable" vendors. They handled management decisions, long-term strategic planning and managing of users of the site. Administrators had full privileges and access to the computer servers hosting Infraud's websites.

Super Moderators oversaw subject-matter specific areas of the forums which were either part of their expertise or was part of their geographical location. They were limited to editing and deleting posts by members as well as resolving disputes. They often reviewed other vendor's products or services which was in their area of expertise.

Moderators were similar to super moderators, however, they had less authority within the forums and were generally limited to moderating one or two specific sub-forums.

Vendors sold illicit product or services to other members of the organization which would usually be done through the vendor's website. Products or services would be reviewed by members to ensure that products which were purchased were of high quality and vendors of low-quality products or services did not remain in the organization.

VIP members were premiere members of the Infraud Organization. The role would be given to longstanding or notable members of the organization to distinguish them between members and vendors.

Members were general members of the organization who used the site to gather and provide information about perpetrating criminal activity as well as to use the vendors to facilitate unlawful purchases of credit card dumps and other illegal products or services.

Indictment

edit

The indictment was released on 7 February 2018. It listed 36 individuals who were alleged to be involved with the organization.[2] They are:

  • Svyatoslav Bondarenko, the founder of Infraud from Ukraine. He allegedly stopped posted on and/or using Infraud in 2015.
  • Aldo Ymeraj, an Albanian vendor who advertised credit card dumps.
  • Sergey Medvedev, the co-founder of Infraud and has been an active member since 2010. After Bondarenko disappeared in 2015, he took over as owner and administrator of Infraud after saying that Bondarenko had "gone missing".[3] Medvedev was arrested in Bangkok, Thailand with over 100,000 bitcoins (worth roughly $822 million at the time).[4]
  • Amjad Ali, a Pakistani member of Infraud since December 2010 who was promoted to Super Moderator status. He was involved with the sale of CVVs and purchased in excess of 130 compromised credit card dumps from Musliu.
  • Roland Patrick N’Djimbi Tchikaya, a French member of Infraud who was a vendor involved with the sale of CVVs. Tchikaya also purchased compromised credit card numbers from a vendor who is not listed in the indictment.
  • Arnaldo Sanchez, a VIP member of Infraud who advertised the sale of CVVs and credit card profile lookups.[5]
  • Miroslav Kovacevic, a Serbian member of Infraud who advertised the sale of plastics, templates and scans.
  • Fredrick Thomas, from Alabama who was a vendor for social security numbers and date of birth lookups.
  • Osalma Abdelhamed, an Egyptian vendor who sold credit card dumps and operator of multiple websites which he used to sell dumps. Abdelhamed also purchased multiple credit card numbers from Fawaz.
  • Besart Hoxha, a Kosovo vendor who advertised plastic card stock and holograms.
  • Raihan Ahmed Gut, a Bangladesh vendor for compromised PayPal accounts. Ahmed had purchased over 1,300 compromised PayPal logins from a vendor who is not listed in the indictment.
  • Andrey Sergeevich Novak, a Russian vendor for CVVs.
  • Valerian Chiochiu, a Moldovan who provided guidance to other members for the development, deployment and use of RAM point of sale malware as a means of harvesting stolen data.
  • Gennaro Fioretti, an Italian VIP member who made numerous illicit purchases from Infraud members.
  • Edgar Andres Viloria, an Australian VIP member. He purchased credit card dumps from Musliu.
  • John Telusma, a vendor from New York who provided cashout and drop services, as well as selling credit card dumps.
  • Rami Fawaz, a member from Ivory Coast who sold compromised account data.
  • Muhammed Shiraz, a Pakistani vendor of credit card dumps.
  • Jose Gamboa, a Californian vendor who advertised the sale of custom-built ATM skimmers.
  • Alexey Klimenko, a Ukraine vendor who advertised services which allowed people to create, operate, maintain and protect their own online contraband stores.
  • Edward Lavoile, a Canadian member who advertised the sale of CVVs which he had personally hacked.
  • Anthony Nnamdi Okeakpu, a UK super moderator for Infraud. Okeakpu purchased six compromised credit card fulls from Doe #8.
  • Pius Wilson, a VIP member from New York who was extremely active on Infraud forums.
  • Muhammad Khan, a Pakistani vendor who was assigned to checking stolen credit card numbers to check whether they were still operable or if they were shut down by the bank for fraud.
  • David Jonathan Vargas, a Californian vendor for carded travel services. Vargas purchased two CVVs from Musliu.
  • Marko Leopard, a vendor from North Macedonia who advertised services which allowed people to create, operate, maintain and protect their own online contraband stores.
  • Liridon Musliu, a vendor from Kosovo who advertised credit card dumps.
  • Mena Mouries El-Malak, an Egyptian vendor who advertised credit card dumps.

There are 8 others who are either unknown or deceased and is referred to as John Doe in the indictment.[2] They are:

  • John Doe #1, a vendor of credit card dumps.
  • John Doe #2, a vendor of drop services.
  • John Doe #3, a vendor of credit card dumps.
  • John Doe #4, a vendor of credit card dumps.
  • John Doe #5, a vendor of credit card dumps.
  • John Doe #6, a vendor of credit card dumps.
  • John Doe #7, a vendor of credit card dumps. Doe #7 used Medvedev's service to complete a criminal transaction.
  • John Doe #8, a vendor of compromised online bank logins. Doe #8 claimed that he had 795,000 HSBC logins for sale.[3]

According to the indictment, many vendors redirected traffic and potential purchases of their products to their own websites in order to complete the transaction. Each individual who owned a website has their website listed in the indictment. Some vendors occasionally gave out free credit card dumps or compromised PayPal logins for fun, to showcase their products.

The indictment contains information about the crimes the individuals face, the roles of the organization, a list of each individuals name and their alias used within the Infraud organization, a brief explanation of their part in Infraud and examples of some of the crimes each individual committed. The charges in the indictment are only allegations, and are presumed innocent until proven guilty.[2]

Infraud Takedown

edit

On 2 August 2017, an undercover Homeland Security Investigations agent posing as a member purchased 15 credit card dumps from Doe #6 and 15 from Novak. On 4 August 2017, the agent purchased 54 compromised credit card dumps from Novak and 15 more from Doe #6.[2]

A joint operation between the United States, European, Australian and Asian law enforcement agencies arrested thirteen defendants, as of 8 February 2018. The Infraud website was taken down and a message saying "This operation is a coordinated effort by United States, European, Australian and Asian law enforcement agencies to disrupt and dismantle the transnational criminal enterprise known as Infraud Organization".[3]

The thirteen arrested are: Sergey Medvedev, Roland Patrick N’Djimbi Tchikaya, Miroslav Kovacevic, Fredrick Thomas, Besart Hoxha, John Telusma, Jose Gamboa, David Jonathan Vargas, Liridon Musliu, Gennaro Fioretti, Edgar Andres Viloria Rojas, Pius Sushil Wilson and Edward Lavoile.[6]

Acting Assistant Attorney General Cronan from United States Department of Justice said that "as alleged in the indictment, Infraud operated like a business to facilitate cyberfraud on a global scale" and that "the Department of Justice refuses to allow these cybercriminals to use the perceived anonymity of the Internet as a shield for their crimes. We are committed to working closely with our international counterparts to identify, investigate, and bring to justice the perpetrators of these crimes, wherever in the world they operate." Acting Executive Associate Director Benner from Homeland Security Investigations mentioned that "criminal cyber organizations like Infraud threaten not just U.S. citizens but people in every corner of the globe" and that "the actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be overstated".[2]

References

edit
  1. ^ a b c Westcott, Ben (8 February 2018). "International cyber crime ring smashed after more than $530 million stolen". CNN. Retrieved 8 February 2018.
  2. ^ a b c d e f g "Thirty-six Defendants Indicted for Alleged Roles in Transnational Criminal Organization Responsible for More than $530 Million in Losses from Cybercrimes". www.justice.gov. 7 February 2018. Retrieved 2018-02-20.
  3. ^ a b c d e Olding, Rachel (2018-02-08). "Australian man among 36 arrested in US cyberfraud takedown". The Sydney Morning Herald. Retrieved 2018-02-20.
  4. ^ "Thirty-Six Individuals Charged In Global Cybercrime Ring "Infraud" | JD Supra". JD Supra. Retrieved 2018-02-20.
  5. ^ https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/infraudsupersedingindictment.pdf [bare URL PDF]
  6. ^ "DOJ shuts down transnational cybercrime ring credited with over $530 million in losses". SecurityInfoWatch.com. Retrieved 2018-02-21.
edit