Infraud Organization

Infraud Organization

Formation	October 2010
Dissolved	February 2018
Type	Criminal organization
Location	International
Services	Carding
Membership	10,901
CEO	Proibz

Infraud Organization was an international cybercrime network active from October 2010 to February 2018, specializing in carding, identity theft, and stealing financial data, including credit card and online banking information. ^[1] The organization was created by Svyatoslav Bondarenko, a 34-year-old man from Ukraine.

In February 2018, authorities in the United States indicted 36 individuals involved with the organization on charges of racketeering, conspiracy, possession of 15 or more access devices, and aiding and abetting. ^[2] As of February 2018, 13 of the 36 have been arrested.

The US Justice Department stated that as of March 2017, the organization had 10,901 registered members ^[1] and was the "largest cyber fraud enterprise prosecutions ever undertaken by the Department of Justice" and had resulted in $530 million in actual losses, with an estimated $2.2 billion in intended losses. Infraud's actions affected people from 50 countries around the globe, they've targeted more than 4.3 mln debit cards. ^{[3] [4]} As of 2018 , the case was the largest cyberfraud ever prosecuted by the US Department of Justice. ^[2]

History

Infraud was established by Svyatoslav Bondarenko in October 2010, a 34-year-old man from Ukraine. ^[1] The name of the organization refers to its slogan, "In Fraud We Trust". By 2018, Infraud became the Dark web's largest group of cybercriminals. ^[5] Infraud's website was a place where vendors could advertise stolen or counterfeit credit cards, banking information, malware, etc. Among the earliest and most prominent vendors was Muhammad Shiraz, who initially offered extensive dumps of compromised credit card data. ^{[4] [2]}

Infraud also provided escrow services to facilitate illicit digital currency transactions. ^{[2] [6]}

The organisation had a strict set of rules of conduct for its members. As mentioned in the indictment, in 2011 Bondarenko opened a thread to document users who were banned on Infraud for low quality offers. Infraud relied on screening protocols to ensure only high quality vendors. In March 2011, Bondarenko prohibited buying and selling payment cards and other goods stolen from CIS citizens. ^{[7] [8]}

As claimed by one of the members, already in 2011 he possessed 795,000 UK logins to HSBC bank available for sale. Another one advertised 1,300 compromised PayPal account IDs in 2013. Apart from cards and banking credentials, the vendors offered flight bookings, rental cars and seats at US concerts and sporting events for a price much lower than the real one. ^{[7] [8]}

On 16 April 2016, Medvedev announced that Bondarenko had gone missing and that he took over as "admin and owner" of the Infraud Organization. Soon, Medvedev introduced an open invite policy that allowed members to invite their associates to Infraud. ^{[7] [8]}

Operations and hierarchy

Infraud had a well-defined hierarchy, resembling that of large financial corporations. At the top were administrators, followed by super moderators, moderators, vendors, VIP members, and general members. Administrators functioned as executive managers, overseeing daily operations and strategic planning. They controlled membership, imposed penalties and rewards, and had full access to the servers hosting Infraud's websites. ^[2]

Super moderators managed specific sections of the forums based on their expertise or geographical location. Their authority was limited to editing and deleting posts, resolving disputes, and reviewing products or services offered by vendors within their domain. Moderators performed similar functions but had less authority and were usually responsible for just one or two sub-forums. ^[2]

Vendors sold illicit goods and services through their dedicated websites. To maintain quality, members reviewed purchases, ensuring that substandard vendors were eventually excluded from the organization. ^[2]

VIP members held a privileged status, granted to long-standing or influential figures within Infraud to distinguish them from regular members and vendors. ^[2]

General members used the platform to exchange information on criminal activities and to purchase illegal products and services, including stolen credit card data. ^[2]

As of March 2017, Infraud had over 10,901 registered members. ^[2]

Indictment

The indictment was released on 7 February 2018 by the U.S. District Court in the District of Nevada. It listed 36 individuals who were alleged to be involved with the organization: ^{[2] [8] [9]} The indictment contains a list of each individual's name and their alias used within the Infraud organization, a brief explanation of their part in Infraud and examples of some of the crimes each individual committed. The charges in the indictment are only allegations, and are presumed innocent until proven guilty. In short, notable members were: ^[2]

• Svyatoslav Bondarenko, the Ukrainian founder of Infraud, launched the site on October 14, 2010. He ceased all activity on Infraud and disappeared in 2015.
• Sergey Medvedev, Infraud's co-founder and an active member since 2010, took over as owner and administrator after Bondarenko's disappearance, stating that Bondarenko had "gone missing.". ^[4] Medvedev managed the cryptocurrency exchange and provided escrow services for more than 10,000 members. ^[6] He was arrested in Bangkok, Thailand with over 100,000 bitcoins (worth roughly $822 million at the time). ^[10]
• Taimoor Zaman, known by the alias "Scottish," was both a moderator and administrator of the forum. ^[11]
• Aldo Ymeraj, an Albanian vendor, advertised credit card dumps. ^[8]
• Amjad Ali, a Pakistani member who joined Infraud in December 2010, was later promoted to Super Moderator. He specialized in selling CVVs and purchased more than 130 compromised credit card dumps from Musliu.
• Roland Patrick N'Djimbi Tchikaya, a French member and vendor, was involved in selling CVVs and also purchased compromised credit card numbers from another vendor not named in the indictment.
• Arnaldo Sanchez, a VIP member of Infraud, advertised the sale of CVVs and credit card profile lookups. ^[12]
• Miroslav Kovacevic, a Serbian member, sold plastic cards, templates, and scans.
• Fredrick Thomas, from Alabama who was a vendor for social security numbers and date of birth lookups.
• Osalma Abdelhamed, an Egyptian vendor, sold credit card dumps and operated multiple websites for this purpose. He also purchased stolen credit card numbers from Fawaz.
• Besart Hoxha, a Kosovo vendor, advertised plastic card stock and holograms.
• Raihan Ahmed Gut, a Bangladesh vendor, specialized in compromised PayPal accounts. He had purchased over 1,300 stolen PayPal logins from an unnamed vendor.
• Andrey Sergeevich Novak, a Russian vendor, dealt in CVVs.
• Valerian Chiochiu, a Moldovan, provided expertise on developing, deploying, and using RAM point of sale malware to harvest stolen data. He was the author of the "FastPOS" malware. ^[13]
• Gennaro Fioretti, an Italian VIP member, made numerous illicit purchases from other Infraud members. ^[14]
• Edgar Andres Viloria, an Australian VIP member, purchased credit card dumps from Musliu.
• John Telusma, a vendor from New York, specialized in cashout and drop services and sold credit card dumps. He joined Infraud in August 2011. ^{[15] [8]}
• Rami Fawaz, a member from Ivory Coast, sold compromised account data
• Muhammed Shiraz, a Pakistani vendor, specialized in credit card dumps.
• Jose Gamboa, a Californian vendor, sold custom-built ATM skimmers.
• Alexey Klimenko, a Ukrainian vendor, offered services enabling individuals to create, operate, maintain, and protect their own online contraband stores.
• Edward Lavoile, a Canadian member, advertised the sale of personally hacked CVVs. ^[16]
• Anthony Nnamdi Okeakpu, a UK student, served as a Super Moderator under the alias "Moneymafia." He joined Infraud in 2010 and was later promoted to VIP member status in August 2014. ^{[7] [3] [11]}
• Pius Sushil Wilson, a VIP member from New York who joined in January 2011, was one of the forum's most active participants, posting hundreds of messages. ^[8]
• Muhammad Khan, a Pakistani vendor, was responsible for verifying stolen credit card numbers to determine whether they were still functional or had been deactivated due to fraud.
• David Jonathan Vargas, a Californian, sold carded travel services. ^[8]
• Marko Leopard, a vendor from North Macedonia, offered services to help individuals create, operate, and secure online contraband stores. He joined Infraud in 2011 and also served as an "abuse immunity" web hoster. ^[17]
• Liridon Musliu, a Kosovo-based vendor, sold credit card dumps. ^[8]
• Mena Mouries Abd El-Malak, an Egyptian vendor who joined in November 2010, advertised credit card dumps.

Additionally, eight unidentified or deceased individuals, referred to as John Doe in the indictment, ^[2] were listed:

• John Doe #1 – a vendor of credit card dumps.
• John Doe #2 – a vendor of drop services.
• John Doe #3 – a vendor of credit card dumps.
• John Doe #4 – a vendor of credit card dumps.
• John Doe #5 – a vendor of credit card dumps.
• John Doe #6 – a vendor of credit card dumps.
• John Doe #7 – a vendor of credit card dumps who used Medvedev's escrow service for transactions.
• John Doe #8 – a vendor of compromised online bank logins, who claimed to have 795,000 HSBC logins for sale. ^[4]

According to the indictment, many vendors redirected potential buyers to their own websites to complete transactions. Each of these websites was listed in the indictment. Some vendors also distributed free credit card dumps or compromised PayPal logins as promotional samples to demonstrate their products.

Investigation

Arrests

In a joint operation involving law enforcement agencies from 16 countries, including the United States, Europe, Australia and Asia, 13 members of Infraud were arrested between February 7–8, 2018, in various locations worldwide. The Infraud website was taken down, replaced with a message stating: "This operation is a coordinated effort by United States, European, Australian and Asian law enforcement agencies to disrupt and dismantle the transnational criminal enterprise known as Infraud Organization". ^[4]

The individuals arrested included Sergey Medvedev (detained in Thailand), Roland Patrick N'Djimbi Tchikaya, Miroslav Kovacevic, Fredrick Thomas, Besart Hoxha, John Telusma, Jose Gamboa, David Jonathan Vargas, Liridon Musliu, Gennaro Fioretti (also arrested in Thailand), Edgar Andres Viloria Rojas, Pius Sushil Wilson, and Edward Lavoile. ^{[14] [18]}

Acting Assistant Attorney General John Cronan of the United States Department of Justice described Infraud as operating "like a business to facilitate cyber fraud on a global scale." He emphasized that the Department of Justice "refuses to allow these cybercriminals to use the perceived anonymity of the Internet as a shield for their crimes" and reaffirmed their commitment to working with international partners to identify, investigate, and prosecute those responsible, regardless of their location. Acting Executive Associate Director Benner of Homeland Security Investigations warned that "criminal cyber organizations like Infraud threaten not just U.S. citizens but people in every corner of the globe" and that "the actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be overstated". ^[2]

In January 2022, the FSB arrested Andrey Novak along with three other Infraud members: Kirill Samokutyaev, Konstantin Bergman, and Mark Bergman. The operation was conducted with assistance from U.S. intelligence agencies, which had been pursuing Novak on cyber fraud charges. A case was filed against him under Part 2 of Article 272 of the Russian Criminal Code (illegal access to computer information). The Tverskoy Court of Moscow subsequently ordered Novak to be held in pre-trial detention. ^{[19] [20] [21]}

Charges

Infraud was accused of causing over $530 million in actual financial losses and $2.2 billion in intended losses since its inception in 2010. The organization was responsible for the sale of 4 million compromised credit card credentials. ^{[6] [2]}

Sentences

On March 19, 2021, Sergey Medvedev, 34, pleaded guilty to one count of racketeering conspiracy and was sentenced to 10 years in prison. ^[20] On the same day, Marko Leopard also pleaded guilty and received a 5-year prison sentence. ^[17] A month later, on November 17, 2021, Valerian Chiochiu, 32, pleaded guilty. In December 2021, he was sentenced to 10 years in prison. ^{[22] [13]} Arnaldo Sanchez Torteya, 35, Edgar Rojas, 31, and Jose Gamboa, 35, were sentenced to 8 years in prison. Pius Sushil Wilson, 35, received 7 years. ^[23]

In May 2021, Anthony Nnamdi Okeakpu pleaded guilty. By July 2021, he was sentenced to 48 months (4 years) in prison, 3 years of supervised release with special conditions, and a $568 million fine. ^{[24] [25]}

The 14th member of Infraud to be sentenced was John Telusma, who pleaded guilty on October 13, 2021, and was sentenced to 4 years in prison on May 22, 2022. ^[15]

On September 9, 2022, Besart Hoxha was extradited from Kosovo and placed into custody. As of July 2023, his case remains under pre-plea investigation. ^[26]

Fredrick Thomas was arrested on 28 July 2023. ^[27]

References

1. Westcott, Ben (8 February 2018). "International cyber crime ring smashed after more than $530 million stolen". CNN. Retrieved 8 February 2018.
2. "Thirty-six Defendants Indicted for Alleged Roles in Transnational Criminal Organization Responsible for More than $530 Million in Losses from Cybercrimes". www.justice.gov. 7 February 2018. Retrieved 2018-02-20.
3. "British man faces charges in US over international cyber crime gang". Jersey Evening Post. 2022-04-01. Retrieved 2025-02-05.
4. Olding, Rachel (2018-02-08). "Australian man among 36 arrested in US cyberfraud takedown". The Sydney Morning Herald. Retrieved 2018-02-20.
5. "The Infraud Organization Group Members Arrested by Russian Authorities". Hackread. 2020-01-29. Retrieved 2025-02-04.
6. Shome, Arnab (2020-06-30). "Russian National Pleads Guilty for $568 Million Cyber Fraud". Finance Magnates. Retrieved 2025-02-03.
7. "Dozens charged for Infraud cyber-crime site". BBC. 2018-02-07. Retrieved 2025-02-04.
8. "Infraud Superseding Indictment" (PDF). US Department of Justice. Retrieved 2025-02-05.
9. "Thirty-Six Defendants Indicted For Alleged Roles In Transnational Criminal Organization Responsible For More Than $530 Million In Losses From Cybercrimes". The US Department of Justice. 2018-02-07. Retrieved 2025-02-05.
10. "Thirty-Six Individuals Charged In Global Cybercrime Ring "Infraud" | JD Supra". JD Supra. Retrieved 2018-02-20.
11. Iqbal, Sajid (2018-11-14). "US asks London court to hand over two alleged hackers". BBC. Retrieved 2025-02-05.
12. https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/infraudsupersedingindictment.pdf ^{[ bare URL PDF ]}
13. "Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses". Department of Justice. 2020-07-31. Retrieved 2025-02-05.
14. "Chiuso Infraud, il negozio del Dark Web amato dai truffatori". Tom's Hardwar. 2018-02-08. Retrieved 2025-02-05.
15. "New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme". The Hacker News. Retrieved 2025-02-05.
16. Howard, Solomon (2018-02-09). "Canadian one of 36 indicted by US in international cyberfraud ring". It World Canda. Retrieved 2025-02-05.
17. "Foreign Nationals Sentenced for Roles in Transnational Cybercrime Enterprise". US Department of Justice. 2021-03-19. Retrieved 2025-02-04.
18. "DOJ shuts down transnational cybercrime ring credited with over $530 million in losses". SecurityInfoWatch.com. Retrieved 2018-02-21.
19. "Russia arrests leader of "Infraud Organization" hacker group". Thales Group. 2023-12-07. Retrieved 2025-02-04.
20. Ilascu, Ionut (2022-01-25). "Russia arrests leader of "Infraud Organization" hacker group". Bleeping Computer. Retrieved 2025-02-04.
21. "Leader of Infraud Organization hacking group charged with cyber fraud". TASS. 2022-01-24. Retrieved 2025-02-04.
22. "United States v. Svyatoslav Bondarenko, et al. (Infraud)". Department of Justice. 2021-11-26. Retrieved 2025-02-05.
23. "Infraud transnational cyber crime group members jailed in US federal prison". Cyber Daily. 2022-05-30. Retrieved 2025-02-05.
24. "AMENDED PRELIMINARY ORDER OF FORFEITURE as to Anthony Nnamdi Okeakpu. Signed by Judge James C. Mahan on 3/29/21. (Copies have been distributed pursuant to the NEF - JQC)". US District Court District of Nevada. Retrieved 2025-02-05.
25. "AMENDED JUDGMENT as to Anthony Nnamdi Okeakpu (22), Count 1ss, Sentenced 7/23/2021 : 48 Months Imprisonment, defendant remanded, Three years Supervised Release w/special conditions, $100.00 Assessment, $568,000,000.00 Fine. Signed by Judge James C. Mahan on 7/26/21. (Copies have been distributed pursuant to the NEF - JQC)". US District Court District of Nevada. 2021-07-23. Retrieved 2025-02-05.
26. "United States v. Hoxha". DoJ. 2023-07-24. Retrieved 2025-02-05.^{[ dead link ]}
27. "USA v. Bondarenko, et al. Criminal Court Docket Sheet" . Retrieved 2025-02-05.

External links

• Banks portal

• List of those indicted
• Statement issued by the United States Department of Justice on Wednesday, February 7, 2018
• U.S. District Court in the District of Nevada case