Three people were arrested as law enforcement agencies in the UK, US and Macedonia shut down 36 websites that were acting as online shops for stolen bank card data
The Serious Organised Crime Agency and the FBI have had 36 websites taken down because they were being used to sell stolen bank card data.
Three people were arrested as law enforcement agencies in the UK, US and Macedonia shut down 36 websites that were acting as online shops for stolen bank card data.Image credit: Sophos
SOCA
said on Thursday that the domains were removed in a "day of action"
that also involved the US Department of Justice (DoJ). As part of this, British police
arrested two men for allegedly buying large amounts of data from
the sites, while Macedonian authorities arrested one person in that
country.
"The sites, identified by SOCA as specialising in selling stolen
payment card and online bank account details, used e-commerce type
platforms known as Automated Vending Carts (AVCs) allowing criminals
to sell large quantities of stolen data quickly and easily," the agency said. "Visitors trying to access these sites are now directed
to a screen indicating that the web domain has been seized by law
enforcement."
It added that it has been working with the FBI, along with law
enforcement agencies in Germany, the Netherlands, Ukraine, Australia
and Romania, to recover stolen banking data and return it to the
banks, so that they can avoid further fraud.
As a result of that collaboration, which has been going on for the last two years, about 2.5 million items of data have been passed to financial institutions, with estimated
potential losses of £500m being avoided. The potential losses associated with the data
from the 36 newly shut sites will be on top of that
figure, according to a SOCA spokesman.
The agency refers to the sites, which were effectively standard
e-commerce-style services, as 'automated vending carts', or AVCs. Its spokesman said it does this because the term 'e-commerce'
"implies legitimacy", but pointed out that their similarity to online shops has increased over the last 18
months.
They mirror standard e-commerce sites in terms of how they are presented online and how you use them.
– SOCA
"They mirror standard e-commerce sites in terms of how they are
presented online and how you use them," he said. "It's a departure
from how stolen data used to be sold, which was via criminal forums
[and in the form of] slightly difficult-to-understand data."
"These are now sold on e-commerce-type platforms which provide
search menus and images of retailers' logos. You can just click and
check out," he explained.
Security firm Sophos Labs has posted a video showing how the
new-style sites work.
SOCA also said on Thursday that the UK's Dedicated Cheque & Plastic
Crime Unit (DCPCU) had seized several computers as part of the 'day of
action', suspecting that they had been used to "facilitate Fraud Act
offences".
Get the latest technology news and analysis, blogs and reviews
delivered directly to your inbox with ZDNet UK's
newsletters.