Britain’s Serious Organised Crime Agency (Soca) has shut down 36 websites being used to sell stolen credit card data.
Soca worked with law enforcement agencies around the world – including the FBI in the US – to shit down the websites and arrest two men in the UK thought to be connected to the case. A third man, based in Macedonia, has also been arrested.
The Guardian says that the arrested men were accused of making "large-scale purchases of data about cards from the sites."
The sites were using e-commerce type systems known as Automated Vending Carts (AVCs) which let criminals buy and sell stolen data, such as credit card details and online banking information.
"This operation is an excellent example of the level of international cooperation being focused on tackling online fraud," said Lee Miles, head of cyber operations for Soca.
"Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime," he added.
Rob Rachwald, director of Security Strategy from Imperva, said the move was a positive one if authorities are to win the fight the trade in stolen banking details.
Content from our partners
"This is significant. Although hacktivism has gotten a ton of attention in recent months, for-profit hacking continues at a costly rate and taking these sites offline is a serious blow," he said.
"Interestingly, law enforcement seems to be conducting arrests in batches–arresting or suspending criminal gangs as a network vs. individually. Just as all of LulzSec was arrested, now a network of carder sites is paralysed. And this approach makes sense since it can help eliminate a swath of criminal activity while potentially scaring others from filling the void," he added.
However, Marcin Kleczynski, CEO of Malwarebytes, said arrests and website closures are only a short-term measure.
"Cybercrime is a major problem today, with the data for millions of credit cards and personally identifiable information being sold on the underground market for a profit," he said. "However, this kind of problem will never be completely solved via arrests and warrants."
"Cyber criminals aren’t simply born, they learn how to become cyber criminals, the malware authors learn how to develop malware and spammers learn how to target and send spam in the most effective way," he added. "This means whether you arrested 10 or 10,000 criminals, it would still just be a matter of time before someone else pops up with the skills necessary to repeat what was happening before."
User education, so web users know how to protect themselves and their computers, and improvements in software security are a more effective method, Kleczynski said.
