A man suspected as one of the biggest sellers of stolen credit card data in the world -- Vladislav Anatolievich Horohorin, aka "BadB," from Moscow -- was arrested in Nice, France, this month, eight months after he'd been indicted in the U.S. by a federal grand jury for fraud and aggravated identity theft.
According to the Justice Department, which announced the arrest, the 27-year-old co-founded CarderPlanet, an online black market for stolen data that survived for years and became notorious even among the tech press. (I wrote about it in 2005 for Baseline magazine and it was no secret then. USA Today reporters Byron Acohido and Jon Swartz have also done some good reporting on it.)
This group went on to create "one of the most sophisticated organizations of online financial criminals in the world," according to Michael Merritt, assistant director for investigations at the U.S. Secret Service -- a network that has been "repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community."
From the Secret Service:
Horohorin, who is a citizen of Israel and the Ukraine, allegedly used online criminal forums such as “CarderPlanet” and “carder.su” to sell stolen credit card information, known as “dumps,” to online purchasers around the world. According to the indictment, Horohorin, using the online name “BadB,” advertised the availability of stolen credit card information through these web forums, and directed purchasers to create accounts at “dumps.name,” a fully-automated dumps vending website operated by Horohorin and hosted outside the United States. The website was designed to assist in the exchange of funds for the stolen credit card information. Horohorin allegedly directed buyers to fund their “dumps.name” account using funds transferred by services including “Webmoney,” an online currency service hosted in Russia. The purchaser would then access the “dumps.name” website and select the desired stolen credit card data. Using an online undercover identity, U.S. Secret Service agents negotiated the sale of numerous stolen credit card dumps.
Clearly the Secret Service worked hard to catch BadB, if they conducted an online undercover operation. But why did it take so long?
A story in the New York Times today blames lack of cooperation from Russia:
Mr. Horohorin lived openly in Moscow. As a foreign citizen, he registered with the police, according to Dmitri Zakharov, a spokesman for the Russian Association of Electronic Communication, an industry lobby for legitimate Russian Internet businesses, who cited a database of such registries...Online fraud is not a high priority for the Russian police, Mr. Zakharov said, because most of it is aimed at computer users in Europe or the United States. “This is a main reason why spammers are not arrested,” he said.
The Times goes on to say that the U.S. and Russia differ on computer security, with the U.S. pushing for more cooperation on law enforcement while the Russians want an international treaty regulating the use of online weapons by spy agencies or the military.(Who's spying on whom here?)
The victims of these crimes tend to be American and European banks, credit card companies, and ultimately all of us.
A couple of months ago I wrote about Russian President Dmitry Medvedev's tour of Silicon Valley as a way to lure U.S. tech companies and venture capitalists to invest in Russia. (Cisco CEO John Chambers committed $1 billion to Russia over 10 years). As I reported here, more U.S. VCs and representatives of tech companies, along with California Governor Arnold Schwarzenegger, are scheduled to tour Russia this fall.
But the cybercrime issue is a big one, and it has to be addressed if Russia and the U.S. are to make progress. Russia has many educated, talented people, and they need a legitimate outlet for their skills.