U.S. indictments unsealed this week charge 38 people with being part of a multinational cyber-crime ring that fooled thousands of Americans into giving up credit card and bank information through “phishing” e-mails, and used it to steal millions of dollars.
The charges, filed in courts in California and Connecticut, were first announced Monday in Romania, where most of those charged live. Others accused in the two indictments live in the United States, Mexico, Vietnam and Cambodia.
Some are identified only by their Internet “screen names.”
The indictments charge an international conspiracy, in which Romanian spammers sent millions of so-called phishing e-mails purporting to come from banks or other financial services companies.
The e-mails asked the recipients to visit a bogus Web site to “confirm” their card details, ATM personal identification numbers and other information.
In one attack, a distributed denial of service (DDoS) attack was used to disable the real Web site of the bank from which the fake e-mails claimed to come, so customers would not be able check there.
The bogus Web sites were generally hosted on a server that, without its owner´s knowledge, had been hacked. It collected the card details and sent them to e-mail addresses the spammers had established.
The spammers then sent the details to accomplices in the United States, using Internet “instant chat” services.
The accomplices, or cashiers, used the data and special encoding equipment to make clones of the cards by altering hotel room key cards or other cards with a magnetic strip.
The cloned cards were tested by making small withdrawals from automated teller machines (ATMs), and those that worked were then used to withdraw cash from the victims´ accounts. Finally, the cashiers wired a portion of the proceeds back to the spammers.
“We believe these criminals defrauded literally thousands of individual victims out of several million dollars,” said Deputy U.S. Attorney General Mark R. Filip on Monday in Bucharest, as nine people were arrested in California and the Romanian General Inspectorate of Police served a number of search warrants.
Mr. Filip said the case is the result of a joint investigation by U.S. and Romanian authorities and demonstrates the close cooperation between the two countries to fight global organized crime.
“International organized criminals who exploit the power and convenience of the Internet do not recognize national borders. Our efforts to stop them cannot end at our borders either,” he said.
In the California case, one cashier in the scheme, Seuong Wook Lee, has pleaded guilty in U.S. District Court in Los Angeles to racketeering conspiracy, bank fraud, access device fraud and unauthorized access of a protected computer.