DOJ Charges 36 Over $530M In Cyber ID Crime Spree

You’ve heard of a baker’s dozen. Well, here, perhaps, is the hacker’s three dozen — and might there be more?

According to reports by Reuters Wednesday, the U.S. Department of Justice said it had indicted 36 people from around the globe tied to an internet identity theft ring. The cybercriminals racked up nearly $530 million in losses to consumers and enterprises.

The newswire reported that law enforcement officials had so far nabbed 13 defendants in Australia, the United Kingdom, Italy, France, Serbia and the United States.

“Today’s indictment and arrests mark one of the largest cyber fraud enterprise prosecutions ever undertaken by the Department of Justice,” acting assistant attorney general John Cronan said.

Separately, CBS MarketWatch reported that those indicted were tied to a group called the Infraud Organization, which operated with the slogan “In Fraud We Trust.

In similar news published by, the group has been charged with nine counts ranging from conspiracy to racketeer to computer crimes. Members of the Infraud Organization acquired consumers’ identities and sold them, as well as compromised credit and debit cards, and all over a period of seven years.

The charges by the Justice Department — as detailed in the indictment, which was recently unsealed in Las Vegas — include that the Infraud group’s alleged founder and administrator, Ukranian national Svyatoslav Bondarenko, had created a forum on the Dark Web through a server called “Operation Shadow Web.” The forum claimed to be the “premier destination for carding, and to 18 direct traffic and potential purchasers to the automated vending sites of its members, which serve as online instruments that traffic in stolen means of identification, personally-identifying information, stolen financial and banking information and other illicit goods.”

The forum had amassed nearly 11,000 members, according to the indictment.

ZDNet also reported that the indictment details 117 separate criminal acts, such as hosting sites that stored “dumped” credit card data and the buying and selling of as many as 795,000 HSBC banking login credentials, among others.