Romanian authorities dismantle cybercrime ring responsible for $25M credit card fraud
Sixteen suspected members of a cybercrime gang that stole credit card data from foreign companies were arrested
IDG News Service - Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling $25 million.
Officers from the country's organized crime police working with prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) executed 36 search warrants on Tuesday at residential addresses in several Romanian cities and arrested 16 individuals suspected of being members of the credit card fraud ring.
According to DIICOT, the group's members gained unauthorized access to computer systems belonging to foreign companies that operate gas stations and grocery stores, and installed computer applications designed to intercept credit card transaction data.
The applications were configured to store the captured data locally for later retrieval, upload it automatically to external servers or send it to email addresses controlled by the gang's members, the agency said. The stolen credit card information was then sold or used to create counterfeit cards.
For example, between December 2011 and October 2012 members of the group sold 68,000 credit cards at $4 each through a specialized online shop, making a profit of $270,000, DIICOT revealed.
The group opened several IT services companies in Romania and used them for the specific purpose of building and maintaining a computer infrastructure that would support its criminal operation, a DIICOT spokeswoman said Tuesday.
The spokeswoman confirmed that the companies targeted by the fraud ring are not from Romania, but declined to name them or reveal in which countries they operate because the investigation is ongoing.
The criminal operation resulted in fraudulent transactions totaling more than $25 million that were performed with 500,000 credit cards, the agency said Tuesday.
While 16 suspects have been arrested so far, DIICOT said it plans to bring in another 20 individuals for questioning in connection with the fraud operation.
The fact that the gang's members were able to capture credit card transaction data suggests that the affected companies did not use end-to-end encryption in order to protect the data while in transit from their payment terminals to their payment processors.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts