Feds take over online counterfeit card webshop, arrest its operators
Posted on 27 January 2014.
Three men who allegedly ran a one-stop online shop selling counterfeit credit cards and holographic overlays to be used by criminals to make fake identifications, face federal charges in an ongoing investigation that has already resulted in 11 additional arrests, including a customer facing federal charges.



Sean Roberson, 39, of Palm Bay, Fla., who allegedly ran the site, is charged with conspiracy to commit wire fraud; conspiracy to traffic in counterfeit goods or services; and conspiracy to commit fraud and related activity in connection with authentication features.

A superseding indictment returned today in the Western District of North Carolina charges Roberson’s two conspirators, Vinicio Gonzalez, 30, of Melbourne, Fla., and Hugo Rebaza, 31, of Palm Bay, Fla. with conspiracy to traffic in counterfeit goods and conspiracy to commit mail fraud, wire fraud and bank fraud.

The superseding indictment also charges a customer of the website, Nashancy Johnny Colbert, 27, of Charlotte, N.C., with one count of conspiracy to commit mail fraud, wire fraud and bank fraud.

The FBI and the USPIS have been investigating the online retail shop, fakeplastic.net, since January 2013.

Roberson began selling counterfeit cards and related items as early as April 2011 and launched the fakeplastic website in June 2012. Roberson owned and operated the site with the assistance of Gonzalez and Rebaza. Since April 2011, Roberson and his conspirators fulfilled orders for approximately 69,000 counterfeit credit cards – both embossed and unembossed – more than 35,000 holographic stickers used to make counterfeit cards appear more legitimate and more than 30,000 state identification card holographic overlays. The orders – more than 3,600 parcels – were shipped through the U.S. Mail.

Gonzalez was primarily responsible for manufacturing the counterfeit payment cards, packaging the contraband for mailing and placing U.S. Express Mail envelopes in the mail for delivery to the fakeplastic customers. The conspirators used a storage facility in Florida to store supplies and to manufacture the counterfeit payment cards and Gonzalez frequently visited the storage unit to create the custom-embossed cards and to prepare mail packages. Law enforcement arrested Gonzalez on Dec. 4, 2013, while he was in the storage space – seizing computers, printers, counterfeit cards, an embosser and other contraband.

Rebaza was a “runner” for the criminal operation, responsible for picking up packages containing criminal proceeds and supplies from a “mail drop” for the fakeplastic website.

Colbert was a members-only customer of the website, who placed and received orders of counterfeit payment cards delivered to him through the mail. Law enforcement executed a search warrant on Jan. 3, 2014, at Colbert’s Charlotte residence seizing, among other things, 41 counterfeit payment cards embossed with Colbert’s name or the names of other individuals. Law enforcement also recovered a discarded U.S. Express Mail envelope sent from the fakeplastic website.

Using a conservative estimate of loss of $500 associated with each counterfeit payment card (derived from the federal sentencing guidelines estimation of loss associated with stolen payment card information), law enforcement estimates the losses associated with just the counterfeit payment cards trafficked by Roberson and his conspirators at more than $34.5 million. Roberson personally made more than $1.7 million from the scheme.

The fakeplastic website was used by various groups of criminals across the country often referred to as “carding” or “cash out” crews. These crews buy stolen payment card numbers and related information – referred to as “track data” or “dumps” – which typically appear on the magnetic stripe on the back of legitimate payment cards. Illegal vendors of that information usually get it through hacking or skimming operations involving the installation of specialized equipment at ATM locations or point-of-sale terminals. The stolen data is ultimately put on a blank card and used to make unauthorized transactions.

More sophisticated cash out operations use custom-made counterfeit payment cards embossed with the same account numbers that have been encoded on the back of the card, and often acquire fake identification cards in order to reduce the likelihood of detection from law enforcement.

The criminal underground has evolved from fractured, regional operations to an Internet-based market where buyers and sellers across the globe can advertise, purchase and transmit stolen track data. The fakeplastic website brought the physical tools needed by cash out operations to the world of e-commerce, as it eliminated the need for crews to purchase expensive hardware.

By December 2013, the site had more than 400 members. Members with access to the fakeplastic website and seeking to purchase counterfeit payment cards could browse the website’s available counterfeit card templates. Members could then choose whether to input specific information to be embossed on the cards and whether they wanted additional authentication features – such as holographic stickers.

At one time the website accepted Liberty Reserve online currency, but shortly after federal charges against Liberty Reserve were made public in the Southern District of New York in May 2013, the fakeplastic website stopped accepting that currency and began accepting Bitcoin, a cryptographic-based digital currency. As set forth on the site’s “news” section, Bitcoin was viewed as a “safe” and “anonymous” method of payment for contraband.

The FBI and U.S. Postal Inspection Service (USPIS) assumed control of the website, fakeplastic.net, on Dec. 5, 2013, and made more than 30 controlled deliveries of ordered materials – not allowing those materials to leave law enforcement control.

The complaint filed against Roberson can be viewed here, but Brian Krebs has a good (and shorter) write-up on how the authorities managed to tied him to the website.





Spotlight

Almost 1 in 10 Android apps are now malware

Posted on 28 July 2014.  |  Cheetah Mobile Threat Research Labs analyzed trends in mobile viruses for Q1 and Q2 of 2014. Pulling 24.4 million sample files they found that 2.2 million files had viruses. This is a 153% increase from the number of infected files in 2013.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //