Cybercrime’s Most Wanted

ShadowcrewShut down: October 2004

Trafficked in: Stolen and counterfeit identification

Twenty-eight people were arrested when federal agents seized control of this Web site. The Secret Service says the Shadowcrew had 4,000 members and was “the largest, the most popular and the best organized” of the cybercrime groups at the time. The group promoted malicious hacking, Internet fraud and electronic theft, the agency says.CarderplanetShut down: August 2004

Trafficked in: Credit card numbers

The world’s premier credit-card hacking Web site until it was put out of business, according to Virginia security consultancy iDefense. The site was predominantly in Russian and suffered from outages, possibly caused by rival carding groups or aggrieved corporations and governments. The Secret Service’s confidential informant was a high-ranking member of both the Shadowcrew and Carderplanet, according to an affidavit filed in U.S. District Court in Los Angeles.

Stealthdivision

Shut down: late 2004

Trafficked in: Stolen and counterfeit identification, credit cards

An English-language site where Shadowcrew members tried to regroup after the Secret Service closed Shadowcrew.com. According to iDefense, the site was founded by a longtime Carderplanet member known as Scarface to replace Carderplanet. The security firm says the site was hosted in Malaysia and had around 320 members as of July. A person named Scarface, a.k.a. Beau Anthony Franks, was part of the group arrested during the Shadowcrew takedown. Franks’ lawyer will not discuss the case.

Darkprofits

Shut down: Date unknown

Trafficked in: Anonymity

Another of the cybercrime groups investigated by the Secret Service. In late 2003, the group was targeted by the creators of the Mimail.C worm. Mimail.C was programmed to direct infected computers to launch denial-of-service attacks against Darkprofits’ domains, which specialized in credit card fraud and ways to maintain anonymity online. That worm also harvested information—possibly passwords—from browser windows on infected computers to forward to predetermined e-mail addresses.

boatfactory

Shut down: Date unknown

Trafficked in: Credit card numbers, passports

The alleged operator of the site, a Ukranian citizen named Roman Vega, a.k.a. Boa, was extradited in June from Cyprus to Northern California, where he is awaiting trial. He is accused of causing losses to credit card issuers in excess of $2.5 million. Vega has pleaded not guilty to wire fraud, the use of unauthorized access devices with intent to defraud, and aiding and abetting.

Muzzfuzz

Shut down: 2004

Trafficked in: Credit card numbers, Social Security numbers

Described by the Secret Service as “an Internet bulletin board for buying, posting and sharing hacks and credit card numbers, and for facilitating identity theft and fraud.” It is where alleged Shadowcrew vendor Nicolas Jacobsen is accused of posting phone numbers and Social Security numbers obtained by hacking T-Mobile’s computer system.

Sources: iDefense, court documents, Baseline reporting