Two Belarusian nationals suspected of operating a rent-a-fraudster service for bank and identity thieves have been arrested overseas, according to New York authorities, who unsealed an indictment for one of the suspects on Monday.
Dmitry Naskovets, 25, and Sergey Semashko, 25, are suspected of creating and operating CallService.biz, a Russian-language site for identity criminals who trafficked in stolen bank-account data and other information. The website displayed an FBI logo Monday and the message, “This domain has been seized by the Federal Bureau of Investigation.”
Naskovets has been charged in U.S. District Court for Southern New York with one count each of aggravated identity theft and conspiracy to commit wire fraud and credit card fraud. Semashko has been charged by Belarusian authorities.
Naskovets was arrested in the Czech Republic last Thursday, at the request of U.S. authorities who have filed for extradition. Semashko was arrested the same day in Belarus.
According to the indictment (.pdf), the two entrepreneurs launched the site in Lithuania in June 2007 and filled a much-needed niche in the criminal world — providing English- and German-speaking “stand-ins” to help crooks thwart bank security screening measures.
In order to conduct certain transactions — such as initiating wire transfers, unblocking accounts or changing the contact information on an account — some financial institutions require the legitimate account holder to authorize the transaction by phone.
Thieves could provide the stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.
The thieves obtained the information through various means, such as phishing attacks and malware placed on victims’ computers to log their keystrokes.
CallService.biz would then have someone who matched the legitimate account holder’s gender and was proficient in the needed language, pose as the account holder and call the financial institution to authorize the fraudulent transaction.
One client, for example, requested assistance in July 2007 with illegally siphoning $35,000 from a checking account owned by someone in Westchester County, New York. The wire transfer occurred July 17.
The site boasted that its purveyors had served more than 2,000 criminal customers. Authorities wouldn’t say what fees the two allegedly charged or how much they earned from their scheme.
The two advertised their services on other carding sites, such as CardingWorld.cc, which was also operated by Semashko. The ads boasted that their team had conducted more than 5,400 “confirmation calls” to banks.