Infraud Organization

Infraud Organization
Formation	October 2010
Dissolved	February 2018
Type	Criminal organization
Location	International;
Services	Carding
Membership	10,901

Last updated December 15, 2023

Infraud Organization was an international cybercrime organization, operating between October 2010 and February 2018, that was involved in carding, stealing personal credit cards and online banking information.^[1] The organization was created by Svyatoslav Bondarenko, a 34-year-old man from Ukraine. In February 2018, authorities in the United States indicted 36 individuals involved with the organization on charges of racketeering, conspiracy, possession of 15 or more access devices, and aiding and abetting. ^[2] As of February 2018, 13 of the 36 have been arrested. The US Justice Department stated that as of March 2017, the organization had 10,901 registered members^[1] and was the "largest cyber fraud enterprise prosecutions ever undertaken by the Department of Justice" and had resulted in $530 million in actual losses, with an estimated $2.2 billion in intended losses.^[3]

History

The organization was formed by Svyatoslav, a 34-year-old man from Ukraine. He intended for the organization to grow into the internet's largest carding group.^[1] The website was a place where vendors could advertise stolen or counterfeit credit cards or related items. According to the indictment, the first vendor to advertise their items was Muhammad Shiraz who advertised large dumps of stolen credit card details for sale.^[3]

At the time of the date (1/22/2022)

FSB arrested members of this organization

According to the card file of the Tverskoy Court of Moscow, Andrey Novak was sent to a pre-trial detention center yesterday. TASS calls this person the alleged founder of the hacker group The Infraud Organization. The operation was carried out with the assistance of American intelligence agencies, who were looking for him on charges of cyberfraud.

According to media reports, three more alleged members of the group were placed under house arrest.

A case was initiated against Novak under Part 2 of Art. 272 of the Criminal Code of Russia (illegal access to computer information).

Organization Roles

The organization was split into different roles, the administrators, the super moderators, the moderators, vendors, VIP members and members.^[2]

The administrators served as the governing council of the group, initially made up of "reputable" vendors. They handled management decisions, long-term strategic planning and managing of users of the site. Administrators had full privileges and access to the computer servers hosting Infraud's websites.

Super Moderators oversaw subject-matter specific areas of the forums which were either part of their expertise or was part of their geographical location. They were limited to editing and deleting posts by members as well as resolving disputes. They often reviewed other vendor's products or services which was in their area of expertise.

Moderators were similar to super moderators, however, they had less authority within the forums and were generally limited to moderating one or two specific sub-forums.

Vendors sold illicit product or services to other members of the organization which would usually be done through the vendor's website. Products or services would be reviewed by members to ensure that products which were purchased were of high quality and vendors of low-quality products or services did not remain in the organization.

VIP members were premiere members of the Infraud Organization. The role would be given to longstanding or notable members of the organization to distinguish them between members and vendors.

Members were general members of the organization who used the site to gather and provide information about perpetrating criminal activity as well as to use the vendors to facilitate unlawful purchases of credit card dumps and other illegal products or services.

Indictment

The indictment was released on 7 February 2018. It listed 36 individuals who were alleged to be involved with the organization.^[2] They are:

Svyatoslav Bondarenko, the founder of Infraud from Ukraine. He allegedly stopped posted on and/or using Infraud in 2015.
Aldo Ymeraj, an Albanian vendor who advertised credit card dumps.
Sergey Medvedev, the co-founder of Infraud and has been an active member since 2010. After Bondarenko disappeared in 2015, he took over as owner and administrator of Infraud after saying that Bondarenko had "gone missing".^[3] Medvedev was arrested in Bangkok, Thailand with over 100,000 bitcoins (worth roughly $822 million at the time).^[4]
Amjad Ali, a Pakistani member of Infraud since December 2010 who was promoted to Super Moderator status. He was involved with the sale of CVVs and purchased in excess of 130 compromised credit card dumps from Musliu.
Roland Patrick N’Djimbi Tchikaya, a French member of Infraud who was a vendor involved with the sale of CVVs. Tchikaya also purchased compromised credit card numbers from a vendor who is not listed in the indictment.
Arnaldo Sanchez, a VIP member of Infraud who advertised the sale of CVVs and credit card profile lookups.^[5]
Miroslav Kovacevic, a Serbian member of Infraud who advertised the sale of plastics, templates and scans.
Fredrick Thomas, from Alabama who was a vendor for social security numbers and date of birth lookups.
Osalma Abdelhamed, an Egyptian vendor who sold credit card dumps and operator of multiple websites which he used to sell dumps. Abdelhamed also purchased multiple credit card numbers from Fawaz.
Besart Hoxha, a Kosovo vendor who advertised plastic card stock and holograms.
Raihan Ahmed Gut, a Bangladesh vendor for compromised PayPal accounts. Ahmed had purchased over 1,300 compromised PayPal logins from a vendor who is not listed in the indictment.
Andrey Sergeevich Novak, a Russian vendor for CVVs.
Valerian Chiochiu, a Moldovan who provided guidance to other members for the development, deployment and use of RAM point of sale malware as a means of harvesting stolen data.
Gennaro Fioretti, an Italian VIP member who made numerous illicit purchases from Infraud members.
Edgar Andres Viloria, an Australian VIP member. He purchased credit card dumps from Musliu.
John Telusma, a vendor from New York who provided cashout and drop services, as well as selling credit card dumps.
Rami Fawaz, a member from Ivory Coast who sold compromised account data.
Muhammed Shiraz, a Pakistani vendor of credit card dumps.
Jose Gamboa, a Californian vendor who advertised the sale of custom-built ATM skimmers.
Alexey Klimenko, a Ukraine vendor who advertised services which allowed people to create, operate, maintain and protect their own online contraband stores.
Edward Lavoile, a Canadian member who advertised the sale of CVVs which he had personally hacked.
Anthony Nnamdi Okeakpu, a UK super moderator for Infraud. Okeakpu purchased six compromised credit card fulls from Doe #8.
Pius Wilson, a VIP member from New York who was extremely active on Infraud forums.
Muhammad Khan, a Pakistani vendor who was assigned to checking stolen credit card numbers to check whether they were still operable or if they were shut down by the bank for fraud.
David Jonathan Vargas, a Californian vendor for carded travel services. Vargas purchased two CVVs from Musliu.
Marko Leopard, a vendor from North Macedonia who advertised services which allowed people to create, operate, maintain and protect their own online contraband stores.
Liridon Musliu, a vendor from Kosovo who advertised credit card dumps.
Mena Mouries El-Malak, an Egyptian vendor who advertised credit card dumps.

There are 8 others who are either unknown or deceased and is referred to as John Doe in the indictment.^[2] They are:

John Doe #1, a vendor of credit card dumps.
John Doe #2, a vendor of drop services.
John Doe #3, a vendor of credit card dumps.
John Doe #4, a vendor of credit card dumps.
John Doe #5, a vendor of credit card dumps.
John Doe #6, a vendor of credit card dumps.
John Doe #7, a vendor of credit card dumps. Doe #7 used Medvedev's service to complete a criminal transaction.
John Doe #8, a vendor of compromised online bank logins. Doe #8 claimed that he had 795,000 HSBC logins for sale.^[3]

According to the indictment, many vendors redirected traffic and potential purchases of their products to their own websites in order to complete the transaction. Each individual who owned a website has their website listed in the indictment. Some vendors occasionally gave out free credit card dumps or compromised PayPal logins for fun, to showcase their products.

The indictment contains information about the crimes the individuals face, the roles of the organization, a list of each individuals name and their alias used within the Infraud organization, a brief explanation of their part in Infraud and examples of some of the crimes each individual committed. The charges in the indictment are only allegations, and are presumed innocent until proven guilty.^[2]

Infraud Takedown

On 2 August 2017, an undercover Homeland Security Investigations agent posing as a member purchased 15 credit card dumps from Doe #6 and 15 from Novak. On 4 August 2017, the agent purchased 54 compromised credit card dumps from Novak and 15 more from Doe #6.^[2]

A joint operation between the United States, European, Australian and Asian law enforcement agencies arrested thirteen defendants, as of 8 February 2018. The Infraud website was taken down and a message saying "This operation is a coordinated effort by United States, European, Australian and Asian law enforcement agencies to disrupt and dismantle the transnational criminal enterprise known as Infraud Organization".^[3]

The thirteen arrested are: Sergey Medvedev, Roland Patrick N’Djimbi Tchikaya, Miroslav Kovacevic, Fredrick Thomas, Besart Hoxha, John Telusma, Jose Gamboa, David Jonathan Vargas, Liridon Musliu, Gennaro Fioretti, Edgar Andres Viloria Rojas, Pius Sushil Wilson and Edward Lavoile.^[6]

Acting Assistant Attorney General Cronan from United States Department of Justice said that "as alleged in the indictment, Infraud operated like a business to facilitate cyberfraud on a global scale" and that "the Department of Justice refuses to allow these cybercriminals to use the perceived anonymity of the Internet as a shield for their crimes. We are committed to working closely with our international counterparts to identify, investigate, and bring to justice the perpetrators of these crimes, wherever in the world they operate." Acting Executive Associate Director Benner from Homeland Security Investigations mentioned that "criminal cyber organizations like Infraud threaten not just U.S. citizens but people in every corner of the globe" and that "the actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be overstated".^[2]

Related Research Articles

The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer, and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt for the transaction, which is usually printed but can also be dispensed with or sent electronically.

The subscription business model is a business model in which a customer must pay a recurring price at regular intervals for access to a product or service. The model was pioneered by publishers of books and periodicals in the 17th century, and is now used by many businesses, websites and even pharmaceutical companies in partnership with the government.

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

Cost per action (CPA), also sometimes misconstrued in marketing environments as cost per acquisition, is an online advertising measurement and pricing model referring to a specified action, for example, a sale, click, or form submit.

<span class="mw-page-title-main">ShadowCrew</span> Cybercrime forum (2002–2004)

ShadowCrew was a cybercrime forum that operated under the domain name ShadowCrew.com between August 2002 and November 2004.

Chargeback fraud, also known as friendly fraud, cyber shoplifting, or liar-buyer fraud, occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent. Dependent on the payment method used, the merchant can be accountable when a chargeback occurs.

The Payment Card Industry Data Security Standard is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. It was created to better control cardholder data and reduce credit card fraud. Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:

The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.

A controlled payment number, disposable credit card or virtual credit card is an alias for a credit card number, with a limited number of transactions, and an expiration date between two and twelve months from the issue date. This "alias" number is indistinguishable from an ordinary credit card number, and the user's actual credit card number is never revealed to the merchant.

In a supply chain, a vendor, supplier, provider or a seller, is an enterprise that contributes goods or services. Generally, a supply chain vendor manufactures inventory/stock items and sells them to the next link in the chain. Today, these terms refer to a supplier of any goods or service.

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

A credit card is a payment card, usually issued by a bank, allowing its users to purchase goods or services or withdraw cash on credit. Using the card thus accrues debt that has to be repaid later. Credit cards are one of the most widely used forms of payment across the world.

Performance-based advertising, also known as pay for performance advertising, is a form of advertising in which the purchaser pays only when there are measurable results. Performance-based advertising is becoming more common with the spread of electronic media, notably the Internet, where it is possible to measure user actions resulting from advertisement. Performance marketing is different from Brand Marketing which focuses on awareness, consideration and opinions among target consumers.

DarkMarket was an English-speaking internet cybercrime forum. It was created by Renukanth Subramaniam in London, and was shut down in 2008 after FBI agent J. Keith Mularski infiltrated it using the alias Master Splyntr, leading to more than 60 arrests worldwide. Subramaniam, who used the alias JiLsi, admitted conspiracy to defraud and was sentenced to nearly five years in prison in February 2010.

<span class="mw-page-title-main">Card security code</span> Security feature on payment cards

A card security code is a series of numbers that, in addition to the bank card number, is printed on a credit or debit card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud.

<span class="mw-page-title-main">Roman Seleznev</span> Russian computer hacker

Roman Valerevich Seleznev, also known by his hacker name Track2, is a Russian computer hacker. Seleznev was indicted in the United States in 2011, and was convicted of hacking into servers to steal credit-card data. His activities are estimated to have caused more than $169 million in damages to businesses and financial institutions. Seleznev was arrested on July 5, 2014, and was sentenced to 27 years in prison for wire fraud, intentional damage to a protected computer, and identity theft.

A darknet market is a commercial website on the dark web that operates via darknets such as Tor and I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. In December 2014, a study by Gareth Owen from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets.

Carder.su is a crime forum and online marketplace specialising in the sale of credit card details and identity theft.

<span class="mw-page-title-main">Carding (fraud)</span> Crime involving the trafficking of credit card data

Carding is a term describing the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

Card transaction data is financial data generally collected through the transfer of funds between a card holder's account and a business's account. It consists of the use of either a debit card or a credit card to generate data on the transfer for the purchase of goods or services. Transaction data describes an action composed of events in which master data participates. Transaction focuses on the price, discount and method of payment interaction between the customer and the organization. They are based on volatility as each transaction data changes every time a purchase is made, one time it could be $10, the next $55. Since debit and credit cards are commonly used to pay for goods and services, they represent a strong percentage of the consumption expenditure in the country.

References

1 2 3 Westcott, Ben (8 February 2018). "International cyber crime ring smashed after more than $530 million stolen". CNN. Retrieved 8 February 2018.
1 2 3 4 5 6 7 "Thirty-six Defendants Indicted for Alleged Roles in Transnational Criminal Organization Responsible for More than $530 Million in Losses from Cybercrimes". www.justice.gov. 7 February 2018. Retrieved 2018-02-20.
1 2 3 4 5 Olding, Rachel (2018-02-08). "Australian man among 36 arrested in US cyberfraud takedown". The Sydney Morning Herald. Retrieved 2018-02-20.
↑ "Thirty-Six Individuals Charged In Global Cybercrime Ring "Infraud" | JD Supra". JD Supra. Retrieved 2018-02-20.
↑ https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/infraudsupersedingindictment.pdf ^{[ bare URL PDF ]}
↑ "DOJ shuts down transnational cybercrime ring credited with over $530 million in losses". SecurityInfoWatch.com. Retrieved 2018-02-21.

External links

List of those indicted
Statement issued by the United States Department of Justice on Wednesday, February 7, 2018

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[:0-1] 1 2 3 Westcott, Ben (8 February 2018). "International cyber crime ring smashed after more than $530 million stolen". CNN. Retrieved 8 February 2018.

[:1-2] 1 2 3 4 5 6 7 "Thirty-six Defendants Indicted for Alleged Roles in Transnational Criminal Organization Responsible for More than $530 Million in Losses from Cybercrimes". www.justice.gov. 7 February 2018. Retrieved 2018-02-20.

[:2-3] 1 2 3 4 5 Olding, Rachel (2018-02-08). "Australian man among 36 arrested in US cyberfraud takedown". The Sydney Morning Herald. Retrieved 2018-02-20.

[4] "Thirty-Six Individuals Charged In Global Cybercrime Ring "Infraud" | JD Supra". JD Supra. Retrieved 2018-02-20.

[5] ttps://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/infraudsupersedingindictment.pdf ^{[ bare URL PDF ]}

[6] "DOJ shuts down transnational cybercrime ring credited with over $530 million in losses". SecurityInfoWatch.com. Retrieved 2018-02-21.

[1]

[2]

[3]

[4]

[5]

[6]