Timeline: Cybercrime

By Deborah Gage Print this article Print

A look back at significant computer crimes committed and the steps federal law enforcement agencies have taken to catch online fraudsters.

Some of the most infamous computer crimes have occurred in just the last five years. Here is a look back at significant attacks launched from the U.S. and overseas and at law enforcement's attempts to stop them.

2000 May: Internet Fraud Complaint Center created by National White Collar Crime Center and FBI, to provide a clearinghouse for complaints about fraud perpetrated over the Internet.

October: Microsoft acknowledges that a hacker has gained access to its internal corporate network.

November: The FBI establishes a fake security start-up company in Seattle, then lures two Russian citizens to U.S. soil on the pretense of offering them jobs and arrests them. The Russians are accused of stealing credit card information, attempting to extort money from victims, and defrauding PayPal by using stolen credit cards to generate cash.
2001 March: The FBI warns that 40 companies in 20 states have been threatened with extortion by organized hacker groups from Russia and Ukraine. The agency claims that more than 1 million credit card numbers have been stolen by exploiting unpatched holes in Microsoft's Windows NT operating system.

May: One year after launching, the Internet Fraud Complaint Center initiates Operation Cyberloss, in which 90 companies and individuals are charged with wire fraud, mail fraud, bank fraud, money laundering, and/or intellectual property right violations

October: Congress passes the USA Patriot Act, which allows the Secret Service to form Electronic Crimes Task Forces in partnership with other agencies. These are intended to fight cyberattacks, particularly against telecommunications and financial services.
2002 April: FBI Director Robert Mueller creates a division to coordinate the agency's investigations of crimes involving the Internet, computer systems and networks.

June: CardCops, an anti-fraud organization launched by former advertising executive Dan Clements, creates a database where consumers can check the numbers of compromised credit cards. According to InternetNews, the site is temporarily overwhelmed, receiving one request per second.

August: Shadowcrew's Web site appears, with forums for information on trafficking in personal information. "Buyers will find the forums well organised for purchasing products with the minimum of hassle,'' the site says, according to a cache retrieved from Google. "Please sign up for the forums ... and help our community grow."

August: Russian newspapers report that the territorial directorate of the Federal Security Service in Chelyabinsk has opened a case against FBI Special Agent Michael Schuler. Schuler helped lure two Russian citizens to Seattle to arrest them in November, 2000 (see above). He then accessed their computers, which were in Russia, to collect evidence that they were involved in Internet fraud. The FSB is quoted as saying the FBI "used hackers' methods against hackers" and "might also use them on other occasions."
2003 February: Security consultancy iDefense notes increasing activity by a Russian hacker group known as the Hang-Up Team, which has a new Web site devoted to administrative tools for attacking U.S. financial institutions.

May: The Department of Justice announces more than 130 arrests in connection with Operation E-Con, an international effort to fight identity theft, software piracy, online auction scams and other Internet fraud.

September: Authorities in Alba Julia, Romania, arrest Dan Marius Stefan, accused of scamming eBay users out of $500,000 through fake e-mails and Web sites.

October: The cybercrime group Darkprofits is targeted by the Mimail.C worm, which is programmed to launch denial-of-service attacks against Darkprofits' domains.

November: Microsoft offers $250,000 each for information leading to the arrest and conviction of those responsible for unleashing the MSBlast.A worm and Sobig virus.

November: The Justice Department announces more than 70 indictments and 125 convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation CyberSweep.
2004 March: The Hang-Up Team claims to have collected 5 gigabytes of data captured by logging the keystrokes of unwary computer users, according to iDefense. The team may unload stolen passwords and credit card numbers through the cybercrime site Carderplanet.

June: Ukrainian Roman Vega, a.k.a. Boa, is extradited from Cyprus to Northern California and pleads not guilty to charges of wire fraud, use of unauthorized access devices with intent to defraud, and aiding and abetting. He is accused of operating www.boafactory.com, which buys and sells stolen credit cards and fake IDs.

July: A new English-language site called Stealthdivision, founded by a member of Carderplanet to promote credit card fraud, has 320 members, according to iDefense.

August: The Justice Department announces more than 160 investigations into Internet fraud. One target, Saad (alias Jay R.) Echouafni, became a fugitive after being indicted for allegedly hiring hackers to launch denial-of-service attacks against his competitors. The attacks also disrupted web sites for the Department of Homeland Security and Amazon.com.

October: Secret Service seizes control of the Shadowcrew Web site and arrests 28 people in eight states and six countries. They plead not guilty to charges of conspiracy to defraud the United States. One man, Nicolas Jacobsen, is charged with hacking into a T-Mobile computer system, exposing confidential documents the Secret Service had e-mailed to an agent.

December: Microsoft announces Digital PhishNet, a collaboration between banks, ISPs and others to compile data on phishing and share it with law-enforcement authorities.
2005 January: An attack on a server at Virginia's George Mason University compromises identification data on 32,000 students and staff. The University is a federally funded research center for Internet security and houses the Center for Secure Information Systems.

February: Choicepoint acknowledges that people posing as legitimate businessmen accessed 144,778 consumer records, including credit reports and Social Security numbers. ChoicePoint says it has notified more than 700 people that their identity information was compromised.

This article was originally published on 2005-03-07
Senior Writer
Based in Silicon Valley, Debbie was a founding member of Ziff Davis Media's Sm@rt Partner, where she developed investigative projects and wrote a column on start-ups. She has covered the high-tech industry since 1994 and has also worked for Minnesota Public Radio, covering state politics. She has written freelance op-ed pieces on public education for the San Jose Mercury News, and has also won several national awards for her work co-producing a documentary. She has a B.A. from Minnesota State University.

eWeek eWeek

Have the latest technology news and resources emailed to you everyday.