The US Department of Justice has unsealed an indictment against 36 members of the Infraud Organisation. The accused come from 17 countries and 13 people are already in custody. Infraud uses the strapline: “In Fraud We Trust” and in the last seven years is believed to have traded more than 4.3 millions credit, debit and bank cards.
David Rybicki, Deputy Assistant Attorney General in the Criminal Division at the US Department of Justice spoke about the indictment. He said: “Members of the Infraud Organization used the online forum to purchase and sell stolen credit card numbers, financial information, social security numbers, passwords and other personally identifying information; they advertised services that facilitated these activities and related, illicit financial transactions; and they disseminated malware.”
How effective was Infraud?
If the FBI numbers are even partially accurate the answer is very effective. Rybicki said the details they traded are led to: “approximately $2.2 billion in intended losses and over $530 million in actual losses to U.S. financial institutions, merchants and consumers. That makes this case one of the largest cyber fraud enterprise prosecutions ever undertaken by the Department of Justice.”
Infraud is believed to have over 11,000 members. Those indicted are believed to be key players and it will be interesting to see if those arrested give up more details of the organisation. One of the challenges will be the extreme secrecy that it operates under. Rybicki believes that few in the organisation have ever met each other and only communicate using a mix of online user accounts and anonymised identities.
To keep their secrecy, the organisation set up its own message systems and used other services to mask their communications. By using a mix of different cryptocurrency and digital payment services, they masked the movements of monies.
Who has been charged?
The US Department of Justice published the list of accused. It includes nationals from the UK, Ukraine, France, Pakistan, Moldova, USA, Egypt and Canada. Although 36 have been indicted, the DoJ has released only 32 names. The list, which also includes online aliases, is:
- Svyatoslav Bondarkeno of Ukraine;
- Amjad Ali aka “Amjad Ali Chaudary,” aka “RedruMZ,” aka “Amjad Chaudary,” 35, of Pakistan;
- Roland Patrick N’Djimbi Tchikaya aka “Darker,” aka “dark3r.cvv,” 37, of France;
- Miroslav Kovacevic aka “Goldjunge,” 32, of Serbia;
- Frederick Thomas aka “Mosto,” aka “1stunna,” aka “Bestssn,” 37, of Alabama;
- Osama Abdelhamed aka “MrShrnofr,” aka “DrOsama,” aka “DrOsama1,” 27, of Egypt;
- Besart Hoxha aka “Pizza,” 25, of Kosovo;
- Raihan Ahmed aka “Chan,” aka “Cyber Hacker,” aka “Mae Tony,” aka “Tony,” 26, of Bangladesh;
- Andrey Sergeevich Novak aka “Unicc,” aka “Faaxxx,” aka “Faxtrod” of the Russian Federation;
- Valerian Chiochiu aka “Onassis,” aka “Flagler,” aka “Socrate,” aka “Eclessiastes,” 28, of Moldova;
- John Doe #8 aka “Aimless88;”
- Gennaro Fioretti aka “DannyLogort,” aka “Genny Fioretti,” 56, of Italy;
- Edgar Rojas aka “Edgar Andres Viloria Rojas,” aka “Guapo,” aka “Guapo1988,” aka “Onlyshop,” 27, of Australia;
- John Telusma aka “John Westley Telusma,” aka “Peterelliot,” aka “Pete,” aka “Pette,” 33, of Brooklyn, New York;
- Rami Fawaz aka “Rami Imad Fawaz,” aka “Validshop,” aka “Th3d,” aka “Zatcher,” aka “Darkeyes,” 26, of Ivory Coast;
- Muhammad Shiraz aka “Moviestar,” aka “Leslie” of Pakistan;
- Jose Gamboa aka “Jose Gamboa-Soto,” aka “Rafael Garcia,” aka “Rafael101,” aka “Memberplex2006” aka “Knowledge,” 29, of Los Angeles, California;
- Alexey Klimenko aka “Grandhost,” 34, of Ukraine;
- Edward Lavoile aka “Eddie Lavoie,” aka “Skizo,” aka “Eddy Lavoile,” 29, of Canada;
- Anthony Nnamdi Okeakpu aka “Aslike1,” aka “Aslike,” aka “Moneymafia,” aka “Shilonng,” 29, of the United Kingdom;
- Pius Sushil Wilson aka “FDIC,” aka “TheRealGuru,” aka “TheRealGuruNYC,” aka “RealGuru,” aka “Po1son,” aka “1nfection,” aka “1nfected,” 31, of Flushing, New York;
- Muhammad Khan aka “CoolJ2,” aka “CoolJ,” aka “Secureroot,” aka “Secureroot1,” aka “Secureroot2,” aka “Mohammed Khan,” 41, of Pakistan;
- John Doe #7 aka “Muad’Dib;”
- John Doe #1 aka “Carlitos,” aka “TonyMontana;”
- David Jonathan Vargas aka “Cashmoneyinc,” aka “Avb,” aka “Poony,” aka “Renegade11,” aka “DvdSVrgs,” 33, of San Diego, California;
- John Doe #2;
- Marko Leopard aka “Leopardmk,” 28, of Macedonia;
- John Doe #4 aka “Best4Best,” aka “Wazo,” aka “Modmod,” aka “Alone1,” aka“Shadow,” aka “Banderas,” aka “Banadoura;”
- Liridon Musliu aka “Ccstore,” aka “Bowl,” aka “Hulk,” 26, of Kosovo;
- John Doe #5 aka “Deputat,” aka “Zo0mer;”
- Mena Mouries Abd El-Malak aka “Mina Morris,” aka “Source,” aka “Mena2341,” aka “MenaSex,” 34, of Egypt; and
- John Doe #6 aka “Goldenshop,”aka “Malov.”
What does this mean?
Once again this case shows just how organised and professional cybercrime has become. Anyone who fails to realise this just has to look at the number of people and sums of money involved. These organisations are also becoming experts at secrecy. It is this latter issue that is causing law enforcement and governments around the world to demand backdoors to encryption and secure communication software.
What is interesting about this case is that the DoJ decided to wait until 13 were in custody before making their announcement. While those arrested are part of the Infraud hierarchy only one comes from the top tier. How much information the US will be able to get before Infraud reorganises and changes its security protocols remains to be seen.
The most important thing is that the website has now been taken over by the DoJ. However, as we’ve seen before, these organisations have multiple layers of security and data protection. As with Silk Road and other cybercrime sites, there is every likelihood that those who are not under arrest will be moving to rebuild Infraud. For now, Infraud has been disrupted but it will take more than this to close it down.
