http://online.wsj.com/article/SB10001424052702304870304577490731071972786.html

June 26, 2012

Arrests Made in Massive Online Sting Operation

By REED ALBERGOTTI

Federal authorities have arrested 24 people in the U.S. and a dozen other countries in what they say is the largest-ever undercover operation targeting the global online trade of stolen credit-card numbers.

The Federal Bureau of Investigation set up a fake online forum two years ago to attract online thieves who steal personal identification and account information for credit, debit and bank cards that are used to make illicit purchases or to sell to others.

The first investigation of its kind for the FBI, "Operation Card Shop," offered investigators a window into how alleged thieves communicate and interact on similar sites that have proliferated on the Internet.

Users of the site offered advice on hacking, stealing credit cards and how best to use stolen cards without getting caught, according to criminal complaints unsealed in Manhattan federal court Tuesday.

The fake website, carderprofit.cc, was described in the complaints as a "marketplace for illegal activities."

It attracted thousands of people who obtained stolen-identity information from about 400,000 unsuspecting victims who were notified during the course of the investigation, an FBI spokesman said.

The FBI monitored the site and in some cases made business deals with the alleged thieves.

The alleged thieves often used online aliases. The FBI captured their Internet protocol addresses and tracked them down.

"From New York to Norway and Japan to Australia, Operation Card Shop targeted sophisticated, highly organized cyber criminals," said Janice Fedarcyk, assistant director in charge of the FBI's New York bureau, adding that the Internet offers "no sanctuary for criminals and [is] not beyond the reach of the FBI."

Federal officials said 47 financial institutions, government entities and educational institutions avoided more than $200 million in losses as a result of the sting operation.

One of the alleged perpetrators was Mir Islam, who used several aliases including "Ijew," "Josh Matthews" and "Robert Whitetaker."

On Sept. 10, 2010, Mr. Islam offered advice to another member who wanted to know the best place to purchase Apple Inc. AAPL +0.43% products using stolen credit cards, according to one of the complaints.

Mr. Islam suggested buying the products directly from Apple's website, because "they won't ask for verification," he said, as long as the purchase price was under $350, according to the complaint.

Mr. Islam was arrested in New York on Tuesday. His lawyer declined comment.

A spokeswoman for Apple declined to comment.

Joshua Hicks used the online name "OxideDox", according to another complaint. He unwittingly told an undercover FBI agent whom he met on the site's message board that he had a contact in California who could use stolen credit-card numbers to produce counterfeit cards, the complaint says.

Referring to stolen credit-card numbers as "dumps," and new credit-card numbers as "fresh dumps," he told the FBI agent on Feb. 20, 2012, that he would give him credit-card numbers in exchange for a digital SLR camera, the complaint said. The FBI agent agreed to the exchange, according to the complaint, and Mr. Hicks sent the agent five credit-card numbers three days later.

On Feb. 28, 2012, according to the complaint, Mr. Hicks agreed to meet the undercover FBI agent in Manhattan and hand him the digital SLR, an exchange that was recorded using FBI surveillance, according to the complaint. Later that evening, the FBI agent asked Mr. Hicks via instant message whether he liked the camera.

Mr. Hicks said he would have liked a different model camera, "but hey, a free camera is a free camera."

A lawyer for Mr. Hicks, who also was arrested in New York, declined to comment.

Write to Reed Albergotti at reed.albergotti@wsj.com