As I’ve mentioned before, one of the things that has changed about the problem of malicious hacking and software on the Internet is that, whereas at one time if was largely an activity of socially- and hygienically-challenged adolescents, it is now a key activity for organized criminals. According to a report at the “Threat Level” blog at Wired, US authorities have shut down a popular Web site supplying services for financial fraud, and two people from Belarus have been arrested.
Dmitry Naskovets, 25, and Sergey Semashko, 25, are suspected of creating and operating CallService.biz, a Russian-language site for identity criminals who trafficked in stolen bank-account data and other information
An indictment against Naskovets was unsealed Monday, charging him with identity theft, wire fraud, and credit card fraud. The Web site has been seized by the FBI.
According to the indictment, the site catered to crooks around the world who stole financial identification credentials using familiar techniques like keystroke loggers and phishing. Many banks, wary of this kind of fraud, require confirmation telephone calls, in addition to Internet transactions, to authorize high-value transactions like wire transfers. The CallService site provided English- and German-speaking accomplices to make these calls for crooks whose language skills otherwise would not pass muster.
One client, for example, requested assistance in July 2007 with illegally siphoning $35,000 from a checking account owned by someone in Westchester County, New York. The wire transfer occurred July 17.
The site boasted that its purveyors had served more than 2,000 criminal customers.
Perhaps the most interesting aspect of this story is the glimpse it provides of the large and thriving market in international criminal activity that the Internet has made possible. The CallService site was advertised on several other Web sites that cater to financial criminals. It has taken financial institutions and law-enforcement authorities a bit of time to catch up to this; existing laws and procedures are typically not well adapted to dealing with global fraud. Fortunately, this seems to be an example where international cooperation worked.
Update Wednesday, 21 April, 17:45 EDT
Brian Krebs, at “Krebs on Security”, also has an article on this development; it has some additional examples of the “fraud infrastructure” that has developed.