Petya Petrova - Fotolia

DoJ breaks up Infraud Organization with some help

The U.S. Department of Justice announced the shutdown of the Infraud Organization, which authorities claim is responsible for global cyberfraud losses in excess of $530 million.

The U.S. Department of Justice shut down one of the largest cyberfraud enterprises it has ever prosecuted.

The global cybercrime group, known as the "Infraud Organization," was blamed for over half a billion dollars in losses from the gang's activities. The Justice Department indicted 36 members of the group, and 13 individuals were arrested with cooperation from law enforcement agencies in six countries.

The rest of the alleged cyberfraudsters -- including the Infraud Organization's alleged co-founder Svyatoslav Bondarenko, a 34-year-old Ukrainian -- are still at large. According to the indictment, after Bondarenko dropped out of sight in 2015, co-founder Sergey Medvedev took over leadership of the group. Of the six members identified as being in the top two tiers of the organization's leadership, Medvedev was the only one apprehended. Most of the others arrested were vendors or VIP members of the group.

The group engaged in acts of financial fraud since October 2010, including "money laundering; trafficking in stolen means of identification; trafficking in, production and use of counterfeit identification; identity theft; trafficking in, production and use of unauthorized and counterfeit access devices; bank fraud; and wire fraud, as well as services associated with all of the above," the unsealed indictment stated.

Acting Assistant Attorney General John Cronan of the Justice Department's Criminal Division said that the Infraud Organization "operated like a business to facilitate cyberfraud on a global scale. Its members allegedly caused more than $530 million in actual losses to consumers, businesses and financial institutions alike -- and it is alleged that the losses they intended to cause amounted to more than $2.2 billion."

According to the indictment, the Infraud Organization aimed to be "the premier destination for carding," which refers to purchasing items with counterfeit or stolen credit card data. The group also sought to steer other cybercriminals to members' sites for trafficking in "stolen means of identification, personally identifying information, stolen financial and banking information, and other illicit goods." The Infraud Organization's forum was said to have almost 11,000 member accounts as of March 2017.

"The Department of Justice refuses to allow these cybercriminals to use the perceived anonymity of the Internet as a shield for their crimes," Cronan said. "We are committed to working closely with our international counterparts to identify, investigate, and bring to justice the perpetrators of these crimes, wherever in the world they operate."

Arrests were made of defendants located in the U.S., as well as France, the United Kingdom, Italy, Australia, Kosovo, Serbia and Albania; in all, the 36 individuals named in the indictment hailed from 17 different countries on five continents, including Pakistan, Egypt, Canada, Bangladesh, Russia, Moldova, Ivory Coast and Macedonia. The indictment stated that those charged operated the Infraud Organization from Las Vegas, the U.S. and "throughout the rest of the world."

The original indictment was filed on Oct. 31, 2017, in the U.S. District Court, District of Nevada, and charged the defendants with conspiracy to engage in a racketeer influenced and corrupt organization (also known as RICO). The indictment charges the defendants with operating automated websites for buying and selling illicit goods, providing web hosting services for criminal activities, selling "carded travel services" for booking travel services using stolen credit cards at a deep discount and other activities related to the criminal abuse of stolen payment cards.

DoJ shutdown of Infraud Organization
The Infraud Organization’s website was shut down and displayed this seizure notice after being taken over by law enforcement agencies.

Who in the world is the Infraud Organization?

Little information is available about the Infraud Organization other than what was revealed in the indictment. Domains infraud[.]cc, infraud[.]ws and infraud[.]su have previously been identified as potentially malicious, and a WordPress site titled "infraud underground carders blog" linked to infraud[.]cc in March 2011.

A video titled "infraud forum video archive," posted to YouTube on Jan. 3, 2011, shows screens from a carders' forum, and includes a shot of a posting by at least one of the pseudonyms listed in the indictment: Muad'Dib, which is the handle of defendant #25, otherwise identified as John Doe #7. Muad'Dib is also the name adopted by a fictional character in Frank Herbert's Dune series of novels.

Dig Deeper on Security operations and management

Enterprise Desktop
Cloud Computing