This week’s news brings another report about arrests of people involved with Crimeware. This story is particularly notable due to the large number of individuals being charged, and because it’s been jointly announced by U.S. and Romanian authorities. Many people involved with gathering information on and prosecuting online criminals have complained about the lack of cooperation from certain countries, but this certainly shows that progress is being made in that arena.

One thing I thought was especially interesting in the report was the description of the process that was allegedly being used by the people involved:

    According to the indictment, the Romania-based members of the enterprise obtained thousands of credit and debit card accounts and related personal information by phishing, with more than 1.3 million spam emails sent in one phishing attack. Once directed to a bogus site, victims were then prompted at those sites to enter access device and personal information. The Romanian “suppliers” collected the victims’ information and sent the data to U.S.-based “cashiers” via Internet chat messages. The domestic cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards, and similar cards such as hotel keys. Cashiers then directed “runners” to test the fraudulent cards by checking balances or withdrawing small amounts of money at ATMs. The cards that were successfully tested, known as “cashable” cards, were used to withdraw money from ATMs or point-of-sale terminals that the cashiers had determined permitted the highest withdrawal limits. A portion of the proceeds was then wired to the supplier who had provided the access-device information.

This strikes me as a wonderful illustration of the resources that are now being put into the process by criminals. This isn’t a simple operation with some lone kid in his basement; this involves a network of people gathering information and testing, and relatively expensive card-writer hardware.