Timeline: Cybercrime

October: Microsoft acknowledges that a hacker has gained access to its internal corporate network.

November: The FBI establishes a fake security start-up company in Seattle, then lures two Russian citizens to U.S. soil on the pretense of offering them jobs and arrests them. The Russians are accused of stealing credit card information, attempting to extort money from victims, and defrauding PayPal by using stolen credit cards to generate cash.

May: One year after launching, the Internet Fraud Complaint Center initiates Operation Cyberloss, in which 90 companies and individuals are charged with wire fraud, mail fraud, bank fraud, money laundering, and/or intellectual property right violations

October: Congress passes the USA Patriot Act, which allows the Secret Service to form Electronic Crimes Task Forces in partnership with other agencies. These are intended to fight cyberattacks, particularly against telecommunications and financial services.

June: CardCops, an anti-fraud organization launched by former advertising executive Dan Clements, creates a database where consumers can check the numbers of compromised credit cards. According to InternetNews, the site is temporarily overwhelmed, receiving one request per second.

August: Shadowcrew’s Web site appears, with forums for information on trafficking in personal information. “Buyers will find the forums well organised for purchasing products with the minimum of hassle,” the site says, according to a cache retrieved from Google. “Please sign up for the forums … and help our community grow.”

August: Russian newspapers report that the territorial directorate of the Federal Security Service in Chelyabinsk has opened a case against FBI Special Agent Michael Schuler. Schuler helped lure two Russian citizens to Seattle to arrest them in November, 2000 (see above). He then accessed their computers, which were in Russia, to collect evidence that they were involved in Internet fraud. The FSB is quoted as saying the FBI “used hackers’ methods against hackers” and “might also use them on other occasions.”

May: The Department of Justice announces more than 130 arrests in connection with Operation E-Con, an international effort to fight identity theft, software piracy, online auction scams and other Internet fraud.

September: Authorities in Alba Julia, Romania, arrest Dan Marius Stefan, accused of scamming eBay users out of $500,000 through fake e-mails and Web sites.

October: The cybercrime group Darkprofits is targeted by the Mimail.C worm, which is programmed to launch denial-of-service attacks against Darkprofits’ domains.

November: Microsoft offers $250,000 each for information leading to the arrest and conviction of those responsible for unleashing the MSBlast.A worm and Sobig virus.

November: The Justice Department announces more than 70 indictments and 125 convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation CyberSweep.

June: Ukrainian Roman Vega, a.k.a. Boa, is extradited from Cyprus to Northern California and pleads not guilty to charges of wire fraud, use of unauthorized access devices with intent to defraud, and aiding and abetting. He is accused of operating www.boafactory.com, which buys and sells stolen credit cards and fake IDs.

July: A new English-language site called Stealthdivision, founded by a member of Carderplanet to promote credit card fraud, has 320 members, according to iDefense.

August: The Justice Department announces more than 160 investigations into Internet fraud. One target, Saad (alias Jay R.) Echouafni, became a fugitive after being indicted for allegedly hiring hackers to launch denial-of-service attacks against his competitors. The attacks also disrupted web sites for the Department of Homeland Security and Amazon.com.

October: Secret Service seizes control of the Shadowcrew Web site and arrests 28 people in eight states and six countries. They plead not guilty to charges of conspiracy to defraud the United States. One man, Nicolas Jacobsen, is charged with hacking into a T-Mobile computer system, exposing confidential documents the Secret Service had e-mailed to an agent.

December: Microsoft announces Digital PhishNet, a collaboration between banks, ISPs and others to compile data on phishing and share it with law-enforcement authorities.

February: Choicepoint acknowledges that people posing as legitimate businessmen accessed 144,778 consumer records, including credit reports and Social Security numbers. ChoicePoint says it has notified more than 700 people that their identity information was compromised.