Federal Courts Order Seizure of 36 Website Domains Involved in Selling Stolen Credit Card Numbers
U.S. Department of Justice April 26, 2012

Office of Public Affairs (202) 514-2007/ (202) 514-1888

WASHINGTON—Seizure orders have been executed against 36 domain names of websites engaged in the illegal sale and distribution of stolen credit card numbers, Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division, U.S. Attorney Neil H. MacBride of the Eastern District of Virginia, and Acting Executive Assistant Director Kevin Perkins of the FBI’s Criminal, Cyber, Response, and Services Branch, announced today.

The seizures are the result of Operation Wreaking hAVoC, an FBI and Justice Department operation targeting the sale of stolen credit card numbers via the Internet. The operation was coordinated with international law enforcement, including the United Kingdom’s Serious Organised Crime Agency (SOCA).

The 36 seized domains are in the custody of the federal government. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.

“The websites we are targeting today were commercial outlets for stolen credit card information,” said Assistant Attorney General Breuer. “By making this information available on the Internet, these websites facilitated fraud on credit card holders around the world. The actions announced today are the result of extraordinary coordination with our international law enforcement partners and reflect our commitment to use every tool at our disposal to shut down fraudulent, criminal enterprises.”

“Countless lives are thrown into financial turmoil because of these websites,” said U.S. Attorney MacBride. “With a few simple clicks, thousands of stolen credit card numbers can be bought or sold to fraudsters anywhere in the world. Today’s seizures are part of an ongoing campaign to disrupt this online market regardless of where it operates.”

“By seizing the websites the criminal underground uses to blatantly sell stolen personal information, Operation Wreaking hAVoC shows that we are committed to protecting individuals online and preventing criminals from using the Internet to line their pockets,” said FBI Acting Executive Assistant Director Perkins. “The FBI and our partners around the world are committed to disabling these criminal networks. No single law enforcement agency can fight cyber crime on its own, and the FBI is proud to be a part of such an outstanding effort by all of the participating agencies.”

The websites of the seized domain names are commonly referred to as Automated Vending Carts (AVCs). An AVC is a website that functions as an open-ended invitation to any visitor to purchase stolen credit card numbers. AVCs allow a user to buy stolen credit card data over the Internet, even using an online shopping cart, just like a traditional online retailer. Some AVC sites allow a buyer to select which type of credit card number to purchase, the account’s country of origin, and, in some cases, the state in which the account holder lives. AVCs allow sellers to traffic stolen credit card data without communicating directly with buyers.

During this operation, law enforcement officials made undercover purchases of credit card numbers, including credit card numbers issued by Bank of America, SunTrust, and Capital One. The banks confirmed that the sites were not authorized to sell the credit card numbers. Seizure orders were obtained from a federal magistrate judge in the Eastern District of Virginia.

This U.S. operation was led by FBI’s Washington Field Office; the Computer Crime and Intellectual Property and Asset Forfeiture and Money Laundering Sections of the Justice Department’s Criminal Division; and the U.S. Attorney’s Office for the Eastern District of Virginia. The FBI’s Pittsburgh Field Office and the U.S. Attorney’s Office for the Western District of Pennsylvania also assisted in the investigation.

The international operation was led by the United Kingdom’s SOCA. The Australian Federal Police (AFP); German Bundeskriminalamt (BKA); United Kingdom’s Dedicated Cheque and Plastic Crime Unit (DCPCU); Macedonian Ministry of Interior Cyber Crime Unit (MOI); Ukraine Ministry of Internal Affairs; Romanian Ministry of Interior; and the Dutch High-Tech Crimes Unit (KLPD) provided assistance. Activities conducted by these international law enforcement agencies included arrests of AVC operators and purchasers, additional domain seizures, and data seizures.

How to Prevent Homecare and Hospice Medical Identity Theft

As more and more baby boomers reach their golden years, more and more of them need the services of homecare and hospice agencies. This rapid influx is good for the industry, but agencies need to be as vigilant as ever in their hiring practices of caregivers.

Why? Because medical identity theft is on the rise, and homecare and hospice agencies are easy targets. You need to take immediate action to safeguard your agency, reputation, and clients from the growing threat of medical identity theft.

Medical identity theft is an insidious crime in which an identity thief uses someone else’s identity to gain access to medical services, treatment, or equipment. Since elderly patients are particularly vulnerable to the dangers of medical identity theft, your agency must take extra precautions. This includes stringent hiring protocols and foolproof IT policies and procedures.

Most agencies consult with experts to ensure their entire operation is protected from medical identity theft. Through a comprehensive review of the organization, medical identity theft experts ensure that homecare and hospice agencies:
• Perform thorough background checks on all employees: Employees are the first line of defense to prevent medical identity theft, so it’s critical that homecare and hospice agencies put employees through a rigorous screening process. A medical identity theft expert assists with criminal background checks, speaking with references, and setting up a system for maintaining extensive employee records.
• Create medical identity theft policies and procedures: Professional agencies need to have a strict set of policies and procedures in place to safeguard protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
• Ensure patient records are secure: Agencies should also have a secure IT network that only allows authorized users to access sensitive patient information. A medical identity thief can run rampant and ruin lives with the push of a button unless safeguards are built into the system. Complex passwords should be implemented only for those employees who need access to patient records.
• Make sure both the doctors and patients are “real”: Many medical identity thieves prey on the system by actually impersonating doctors and patients for monetary gain. This includes pretending to be a doctor to prescribe medication for the thief and/or his cohorts, as well as using another person’s insurance card to obtain medical services. Do your homework to ensure that physicians have professional references and admitting privileges to medical facilities.

As a homecare or hospice agency, you can significantly reduce your vulnerability to medical identity theft by working with a medical ID theft expert. Visit www.TheIdentityAdvocate.com or call 310.831.4400 to schedule your comprehensive medical identify theft review. And, don’t forget to ask how you can safeguard your agency with an eye-opening “Lunch and Learn” for your employees.

Read this great article posted at Fierce EMR ( http://www.fierceemr.com/story/ehrs-major-cause-patient-info-breaches/2012-04-12?utm_medium=nl&utm_source=internal ) and continue to worry about who has access to your person health information. Identity Theft is coming at everyone from so many sources, whether it is from a stolen laptop, thumb-drive, Identity Theft rings or cyber-hacking, we can never be sure who can access our information. And what do you do to protect it or more importantly who quickly can you recover your information if it has been compromised? See my website protection page information at: http://www.theidentityadvocate.com/identity-theft-protection.php.
Call or connect with me for questions!