Seventeen members of an alleged international phishing and carding gang have been arrested in the US and Eastern Europe following an FBI investigation.

Eastern European fraudsters are alleged to have run a series of identity theft scams targeting customers of major financial institutions between August and October 2004. These fraudsters sold on the personal details of marks to their US accomplices, who plundered compromised bank accounts and traded in stolen credit card information.

The arrests in Poland and the US came as part of an ongoing FBI investigation code-named Operation Cardkeeper. FBI investigators worked with local police in Poland and Romania to investigate the trade of stolen credit card information online, obtained through various phishing scams.

The alleged ringleader of the gang, a Pole called Mateusz Rymski (AKA Blindroot), is suspected of hacking into the systems of third party firms and renting out their web space to other fraudsters. So far four arrests have been made in the US and 13 in Poland as part of the investigation.

Wired reports (http://www.wired.com/news/technology/0,72064-0.html?tw=wn_index_1) that three of the four US suspects were caught with cards and MSR-206 machines used to encode data onto blank credit cards. One was caught trying to flush counterfeit credit cards down the toilet.

Investigators have identified tens of thousands of compromised credit card numbers and thousands of purloined identities in the course of the investigation. The extent of fraudulent losses caused by the gang remains unclear.

Further arrests in the US and Romania, where three search warrants were executed, are expected to follow. The Romanians are suspected of creating the key-logging Trojan software used in the scam. ®

Related stories

Germany nets ten phishing suspects (14 September 2007)
http://www.theregister.co.uk/2007/09/14/germany_phishing_arrests/
Spyware hackers raid Calif. city coffers (12 June 2007)
http://www.theregister.co.uk/2007/06/12/carson_city_spyware/
FBI warns of assassin spam scam twist (15 January 2007)
http://www.theregister.co.uk/2007/01/15/assassin_scam_twist/
Opera adds tech to foil phishers (19 December 2006)
http://www.theregister.co.uk/2006/12/19/opera_bolsters_phishing_filter/
Malware wars: Are hackers on top? (5 December 2006)
http://www.theregister.co.uk/2006/12/05/malware_trends/
MS reels in a few stray phish (23 November 2006)
http://www.theregister.co.uk/2006/11/23/ms_anti-phishing_campaign_update/
Social Security phishing scam surfaces (9 November 2006)
http://www.theregister.co.uk/2006/11/09/social_security_phishing_scam/
US harbours one-in-four phishing sites (7 November 2006)
http://www.theregister.co.uk/2006/11/07/phishing_stats_october/
Shadowcrew mastermind caged (30 June 2006)
http://www.theregister.co.uk/2006/06/30/shadowcrew_sentencing/
Shadowcrew six plead guilty to credit card fraud (18 November 2005)
http://www.theregister.co.uk/2005/11/18/shadowcrew/
Suspected bot master busted (4 November 2005)
http://www.theregister.co.uk/2005/11/04/suspected_bot_master_busted/
£6.5m phishing duo jailed (28 June 2005)
http://www.theregister.co.uk/2005/06/28/phishing_duo_jailed/
Brazilian cops net 'phishing kingpin' (21 March 2005)
http://www.theregister.co.uk/2005/03/21/brazil_phishing_arrest/
150+ cuffed in US-led cybercrime crackdown (27 August 2004)
http://www.theregister.co.uk/2004/08/27/operation_web_snare/