An FBI investigation of an international ring of phishers that used the
Internet to swap stolen IDs and credit cards – including information of
customers of a “major financial institution” — netted 17 hackers in the
U.S. and Eastern Europe, federal law enforcement officials said.
Four U.S. arrests were made, along with 13 in Poland, including the alleged
ringleader nicknamed “Blindroot.” The probe, dubbed “Operation Cardkeeper,”
began after a “major financial institution” reported numerous phishing
attacks between August and October 2004, according to FBI spokesperson Paul
According to the FBI office in Richmond, Virginia, the group “compromised”
around 50 servers in the area that were then used to launch the attacks. A
common tactic of phishers is to take control of systems in order to deliver
spam or porn.
Bresson denied the financial institution involved was E*Trade. In October,
the online broker reported it had to repay $18 million to customers whose
accounts were used by hackers to run “pump-and-dump” stock schemes.
The government investigation also revealed an Internet bazaar where identity
thieves meet to swap stolen personal data. The forums were used “by both
U.S. citizens and foreign nationals to commit financial crimes,” according
to the FBI.
Although no financial figures were released on how much was lost due to the
phishing attacks, “hundreds of thousands of dollars” are saved when stolen
financial data is intercepted by the FBI, James E. Finch, assistant director
of the agency’s Cyber Division said in a statement.
“Cyber criminals will no longer be able to hide behind borders to conduct
their illicit business,” Finch said.
The government said 15 search warrants were issued, including in New York,
Georgia, Nebraska, Tennessee, Ohio and Texas. Romania law enforcement are
also questioning subjects.
As a result of the information turned up during “Operation Cardkeeper,”
several other investigations have begun, according to a statement.