Latest news
Internet fraudsters jailed for online criminal forum
Posted on 04 March 2011.
A group of young internet fraudsters who set up an online criminal forum which traded unlawfully obtained credit card details and tools to commit computer offences were jailed for a total of 15 and half years. All pleaded guilty.
The gang are believed to have been responsible for the largest English-language online cyber crime forum and were all arrested on various dates in 2009 and 2010, following a complex investigation.
During an eleven month investigation detectives uncovered evidence that the defendants were directly involved in the global forum (used by over 8,000 members) which promoted and facilitated:
An examination of the rebuilt forum and its database revealed many thousands of data entries relating to individuals' personal details including names, dates of birth, bank details, passwords, PayPal accounts and social security numbers. Site members are believed to have traded in compromised databases containing thousands of personal details including bank account numbers, PIN numbers, passwords and malware including the Zeus Trojan and other types of criminal software, including credit card verification programs.
During the investigation detectives recovered from the defendants’ computers more than 130,000 compromised credit card numbers, which at an estimated industry loss of £120 per card, is a potential £15.8 million financial loss in relation to card numbers alone.
On 3 November 2009 detectives arrested Gary Paul Kelly after executing a search warrant at his home address. A full search of the property was conducted, with a number of computers and mobile phones removed from the address for examination.
It was established that Kelly had independently constructed and distributed across the web a sophisticated Zeus malicious computer program which enabled him to infect and compromise over 15,000 computers in over 150 countries, harvesting from them over 4 million lines of data – including huge quantities of credit card numbers and other confidential, personal information.
Having been provided with relevant passwords by Kelly, detectives were able to rebuild the GhostMarket forum and its database using files from his PC.
Prior to this, on 12 October Nicholas Webber and Ryan Thomas were arrested at a five star central London hotel for using stolen credit card details to pay for accommodation in the penthouse suite. They claimed to have responded to an online advert, saying they had paid money to an anonymous individual.
Bailed to return whilst officers conducted further inquiries, items including their laptops were seized. In addition they were found to be in possession of business cards brandishing the 'GhostMarket' logo, advertising it as “A new era in virtual marketing” with the by-line “I’m a carder, ask about me...”
The duo's involvement in the 'GhostMarket' criminal forum was soon established and inquiries were made to trace them after they fail to return on bail in relation to the stolen credit card offence.
It was later discovered that on 31 October the pair had flown out to Palma, Majorca, where they had been living in a rented flat in Port D'andrax.
On 29 January 2010 they were arrested at Gatwick Airport as they flew in from Palma.
The following day a search of Webber's home address revealed a computer containing a series of files outlining a step-by-step guide to committing various criminal offences.
Owing to the volume of evidence to be examined and the complexities of the case, the pair were released on police bail to return at a later date.
Officers subsequently travelled to Spain and, accompanied by Spanish Police, attended the flat Thomas and Webber had rented out. The property was empty, but local enquiries established that the contents had been posted back to their UK addresses.
Those items, as well as additional computer equipment, were subsequently recovered.
Through the forensic examination of seized computers and other digital storage devices, as well as evidence secured through the rebuilt Ghostmarket site, officers identified Shakira Ricardo, a trusted member of the forum. Initially joining the site as a complete novice, over time Ricardo had progressed to become directly engaged in card fraud and computer malware activity.
Financial enquiries identified a payment made from Ricardo into her partner Worley's bank account, incriminating her in the fraud.
The gang are believed to have been responsible for the largest English-language online cyber crime forum and were all arrested on various dates in 2009 and 2010, following a complex investigation.
During an eleven month investigation detectives uncovered evidence that the defendants were directly involved in the global forum (used by over 8,000 members) which promoted and facilitated:
- The electronic theft of personal information
- Credit and debit card fraud; buying and selling of personal information (including passwords and PIN numbers)
- The creation and exchange of malicious computer programs (malware)
- The establishment and maintenance of networks of infected personal computers (botnets)
- Tutorials offering advice on how to commit such offences, including how to evade and frustrate law enforcement activity and the exchange of details of vulnerable commercial sites and servers.
An examination of the rebuilt forum and its database revealed many thousands of data entries relating to individuals' personal details including names, dates of birth, bank details, passwords, PayPal accounts and social security numbers. Site members are believed to have traded in compromised databases containing thousands of personal details including bank account numbers, PIN numbers, passwords and malware including the Zeus Trojan and other types of criminal software, including credit card verification programs.
During the investigation detectives recovered from the defendants’ computers more than 130,000 compromised credit card numbers, which at an estimated industry loss of £120 per card, is a potential £15.8 million financial loss in relation to card numbers alone.
On 3 November 2009 detectives arrested Gary Paul Kelly after executing a search warrant at his home address. A full search of the property was conducted, with a number of computers and mobile phones removed from the address for examination.
It was established that Kelly had independently constructed and distributed across the web a sophisticated Zeus malicious computer program which enabled him to infect and compromise over 15,000 computers in over 150 countries, harvesting from them over 4 million lines of data – including huge quantities of credit card numbers and other confidential, personal information.
Having been provided with relevant passwords by Kelly, detectives were able to rebuild the GhostMarket forum and its database using files from his PC.
Prior to this, on 12 October Nicholas Webber and Ryan Thomas were arrested at a five star central London hotel for using stolen credit card details to pay for accommodation in the penthouse suite. They claimed to have responded to an online advert, saying they had paid money to an anonymous individual.
Bailed to return whilst officers conducted further inquiries, items including their laptops were seized. In addition they were found to be in possession of business cards brandishing the 'GhostMarket' logo, advertising it as “A new era in virtual marketing” with the by-line “I’m a carder, ask about me...”
The duo's involvement in the 'GhostMarket' criminal forum was soon established and inquiries were made to trace them after they fail to return on bail in relation to the stolen credit card offence.
It was later discovered that on 31 October the pair had flown out to Palma, Majorca, where they had been living in a rented flat in Port D'andrax.
On 29 January 2010 they were arrested at Gatwick Airport as they flew in from Palma.
The following day a search of Webber's home address revealed a computer containing a series of files outlining a step-by-step guide to committing various criminal offences.
Owing to the volume of evidence to be examined and the complexities of the case, the pair were released on police bail to return at a later date.
Officers subsequently travelled to Spain and, accompanied by Spanish Police, attended the flat Thomas and Webber had rented out. The property was empty, but local enquiries established that the contents had been posted back to their UK addresses.
Those items, as well as additional computer equipment, were subsequently recovered.
Through the forensic examination of seized computers and other digital storage devices, as well as evidence secured through the rebuilt Ghostmarket site, officers identified Shakira Ricardo, a trusted member of the forum. Initially joining the site as a complete novice, over time Ricardo had progressed to become directly engaged in card fraud and computer malware activity.
Financial enquiries identified a payment made from Ricardo into her partner Worley's bank account, incriminating her in the fraud.
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
