The FBI has arrested the alleged three leaders of an international crime syndicate that stole huge numbers of credit card numbers – which were subsequently sold on and used to rack up tens of millions of dollars in spending sprees.
Speaking in Seattle, USA, where the Feds’ cybersecurity taskforce is based, agents said the “Fin7” group was responsible for stealing more than 15 million credit card numbers at over 3,000 locations, impacting at least 100 businesses.
The group is alleged to have used phishing attacks, sending emails with attachments that launched a customized form of the Carbanak malware on victims’ computers. The group targeted people in charge of catering in three main industries – restaurants, hotels and casinos – and followed up the emails with phonecalls to those individuals, encouraging them to open the attachment, Uncle Sam’s agents said.
Once the software nasty was opened and installed, it would seek out credit card details and customers’ personal information from payment systems, and siphon them off to the Fin7 gang – which then sold the sensitive data on online marketplaces to crooks to exploit. Infosec biz FireEye has a summary of the malware, here.
The first suspected Fin7 kingpin was arrested back in January in Germany, the authorities said, but that indictment was kept under seal while the FBI continued its investigations. The unnamed individual has since been extradited to the US and will appear in court in Seattle in May.
The subsequent investigation then led to two further arrests: one in Poland and another in Spain. Both are currently in the middle of extradition hearings. The group operated through a front company based in Israel and Russia and operating throughout Eastern Europe.
Even though the estimated cost of the crime group is a drop in the bucket of what a senior director of credit card company Visa, Dan Schott, said is a $600 billion a year global business, he said that this case’s importance was that it showed the authorities were capable of fighting back “through cooperation across the private sector.”
FBI Special Agent Jay Tabb noted that the case is “the largest, certainly among the top three, criminal computer intrusion cases that the FBI is working right now in terms of loss, number of victims, the global reach, and the size of the organization, the organized crime syndicate doing this.”