Close
Thank you! Your request has been sent.
We will get back to you soon.
 
We provide legal representation in the areas of civil rights, criminal law, family law, divorce, & child custody disputes in New Jersey & New York and Federal courts.
click here to return to home page
 

Tel.: (718) 376-6466
Fax: (718) 376-3033

1123 Avenue Z Brooklyn, NY 11235

arkady.bukh@yahoo.com
 
1
2
September
30 Thursday
2010

U.S. Charges 37 Alleged Mules and Others in Online Bank Fraud Scheme

Thirty-seven people are being charged in the United States for their alleged role in an international fraud ring based in East Europe that stole more than $3 million from bank accounts belonging primarily to small businesses and municipalities, according to indictments released Thursday.

The sophisticated ring included a multitude of East Europeans who entered the United States on student visas and fake passports to operate as so-called “money mules,”  laundering funds stolen from U.S. accounts and sending the money overseas.

Hackers believed to be in East Europe ran a botnet that used variants of the Zeus malware delivered to victims via e-mail. Zeus infected the victims’ computers to steal bank login credentials. The hackers then took over the accounts to initiate illegal bank transfers to other accounts controlled by the mules.

Last January, for example, about $130,000 was siphoned from the California bank account of a hospital.

The charges, filed in the Southern District of New York, are the culmination of a year-long investigation, dubbed Operation ACHing mules. “ACH” refers to Automated Clearing House, the system under which funds can be electronically transferred from one financial account to another.

The thieves recruited mules who entered the United States on J1 student visas, then provided them with the fake foreign passports. The mules used the passports to open fraudulent bank accounts in the United States under aliases to receive stolen funds transferred out of victim accounts. The mules then forwarded the funds to other bank accounts overseas or withdrew the cash at ATMs and smuggled the money out of the country.

The charges target 37 people in 21 separate cases. Nearly all of the suspects are in their 20s. Ten people were arrested in the United States in a coordinated takedown that coincided with the indictment release; 10 people were previously arrested. Another 17 (pictured above) are still at large. Those who have been arrested are mostly mules, but they also include managers and recruiters of the mules, as well as an individual, Sofia Dikova, who allegedly obtained the fake passports.

A shipment of fake passports was intercepted by authorities at Newark Liberty International Airport last January, which included a false Yugoslavian passport under the name Vesna Jelkovic, which bore Dikova’s photo.



July
28 Wednesday
2010

Ukranian carding king was lured to arrest

A Ukrainian carder who earned more than $11 million selling credit and debit card data stolen from top U.S. retailers was lured to a meeting in Turkey in 2007 where he was arrested by local authorities, according to a new report released Wednesday.

Maksym Yastremskiy, alleged to be the underground carding kingpin known as “Maksik,” was sentenced to 30 years in a Turkish prison. He was a key player in the criminal ring of TJX hacker Albert Gonzalez.

The Justice Department had said in its 2008 press release on the matter that he was seized while he was on vacation in Turkey. But according to the new information from the U.S. Secret Service, Yastremskiy was actually lured to a face-to-face meeting in Turkey with an undercover operative.

It’s unclear if the meeting was arranged after he was already in Turkey on vacation or if he was specifically lured to the country for the meeting. The Secret Service did not immediately respond to a call for comment.

The information appears in the appendix of the 2010 Verizon Data Breach Investigations Report (.pdf), an annual report that highlights information and statistics gleaned from breach investigations conducted by Verizon’s Investigative Response Team.

This year, for the first time, the report also incorporates data gleaned from cases investigated by the Secret Service. The latter includes some of the nation’s biggest breaches committed by Gonzalez and a team of U.S. and Russian hackers prior to 2008, when Gonzalez was finally arrested.

August
20 Thursday
2009

In Gonzalez Hacking Case, a High-Stakes Fight Over a Ukrainian’s Laptop

When Turkish police arrested Maksym “Maksik” Yastremskiy  — a Ukrainian wholesaler of stolen identity data — in July 2007, they didn’t just collar one of the most-wanted cybercriminals in the world. They also got a trove of evidence about Yastremskiy’s buyers and suppliers, all locked in an encrypted vault on his laptop computer.

Now federal prosecutors are hoping to introduce a copy of Yastremskiy’s files in its case against accused hacker Albert “Segvec” Gonzalez. Chat logs and other information on the disk allegedly show that Gonzalez was Yastremskiy’s major supplier of credit and debit card numbers.

But Gonzalez’s attorney is fighting to keep the data, and similar information seized from a server in Latvia, far away from the New York court room where Gonzalez is scheduled to stand trial next month on the first of three federal indictments. The argument unfolding over the disks illustrates the challenges and controversies of using electronic evidence gathered in foreign jurisdictions, and sheds more light on the unusual methods used to investigate what authorities have called the largest identity theft case in U.S. history.

Gonzalez and his co-conspirators staged high-profile breaches at TJX, Heartland Payment Systems, Dave & Buster’s and other retailers and payment processors.

One notable revelation in the government’s own filings (.pdf) is that Yastremskiy’s arrest did not mark the first time the Secret Service gained access to his computer files. On June 14, 2006 the Secret Service worked with local authorities to conduct a “sneak-and-peek” search of Yastremskiy’s laptop while he was traveling through Dubai, in the United Arab Emirates. The agency secretly obtained a copy of the man’s hard drive in the search.

The government says that stealth operation is irrelevant now, because it doesn’t plan on introducing the data from the sneak-and-peek at trial — only the data taken in Turkey at Yastremskiy’s arrest. But defense attorney Rene Palomino, Jr., says the earlier search may have been unlawful, and could have legally tainted the case: The disk image may have been used by U.S. authorities to obtain a provisional arrest warrant for Yastremskiy in California, and it was that warrant that led Turkish authorities to arrest him and seize his laptop.

In a court filing this month, the lawyer is asking (.pdf) for an evidentiary hearing to, among other things, “determine the extent to which the arrests and seizures were causally motivated by the prior sneak-and-peek conducted by the USSS in Dubai.”

Also at issue is the procedure used by Turkish authorities to recover data from the laptop. While U.S. forensics examiners routinely make a bit-for-bit copy of a seized hard drive and leave the original undisturbed,  there’s evidence that Turkish police tried to install software on the laptop in order to change the Windows password on the machine. Additionally, access times on some 3,000 files were disturbed. The hard drive broke while in Turkish custody, and was later deemed irreparable by the Secret Service.

July
28 Wednesday
2010

Ukrainian Carding King ‘Maksik’ Was Lured to Arrest

A Ukrainian carder who earned more than $11 million selling credit and debit card data stolen from top U.S. retailers was lured to a meeting in Turkey in 2007 where he was arrested by local authorities, according to a new report released Wednesday.

Maksym Yastremskiy, alleged to be the underground carding kingpin known as “Maksik,” was sentenced to 30 years in a Turkish prison. He was a key player in the criminal ring of TJX hacker Albert Gonzalez.

The Justice Department had said in its 2008 press release on the matter that he was seized while he was on vacation in Turkey. But according to the new information from the U.S. Secret Service, Yastremskiy was actually lured to a face-to-face meeting in Turkey with an undercover operative.

It’s unclear if the meeting was arranged after he was already in Turkey on vacation or if he was specifically lured to the country for the meeting. The Secret Service did not immediately respond to a call for comment.

The information appears in the appendix of the 2010 Verizon Data Breach Investigations Report (.pdf), an annual report that highlights information and statistics gleaned from breach investigations conducted by Verizon’s Investigative Response Team.

This year, for the first time, the report also incorporates data gleaned from cases investigated by the Secret Service. The latter includes some of the nation’s biggest breaches committed by Gonzalez and a team of U.S. and Russian hackers prior to 2008, when Gonzalez was finally arrested.


Gonzalez’s arrest was made possible by information obtained from an encrypted vault on Yastremskiy’s laptop.

According to the Verizon report, the investigation that nabbed Yastremskiy and Gonzalez began in April 2005, when the Secret Service’s San Diego Field Office initiated an online undercover operation dubbed Carder Kaos, which targeted the top people suspected of committing carding and other online financial crimes. The operation quickly focused on a suspect who went by the online nick “Maksik,” whom authorities say was “the most prolific vendor of compromised credit card numbers in the world.”

The Secret Service engaged in a number of undercover online transactions with “Maksik” involving the purchase of stolen credit card data, which led to face-to-face undercover meetings with Yastremskiy in Thailand, the United Arab Emirates, and Turkey. It was during his visits to these countries, the report says, that authorities obtained enough evidence to secure an indictment for Yastremskiy, which was filed in California.

April
19 Monday
2010

Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves

Two Belarusian nationals suspected of operating a rent-a-fraudster service for bank and identity thieves have been arrested overseas, according to New York authorities, who unsealed an indictment for one of the suspects on Monday.

Dmitry Naskovets, 25, and Sergey Semashko, 25, are suspected of creating and operating CallService.biz, a Russian-language site for identity criminals who trafficked in stolen bank-account data and other information. The website displayed an FBI logo Monday and the message, “This domain has been seized by the Federal Bureau of Investigation.”

Naskovets has been charged in U.S. District Court for Southern New York with one count each of aggravated identity theft and conspiracy to commit wire fraud and credit card fraud. Semashko has been charged by Belarusian authorities.

Naskovets was arrested in the Czech Republic last Thursday, at the request of U.S. authorities who have filed for extradition. Semashko was arrested the same day in Belarus.

According to the indictment (.pdf), the two entrepreneurs launched the site in Lithuania in June 2007 and filled a much-needed niche in the criminal world — providing English- and German-speaking “stand-ins” to help crooks thwart bank security screening measures.

In order to conduct certain transactions — such as initiating wire transfers, unblocking accounts or changing the contact information on an account — some financial institutions require the legitimate account holder to authorize the transaction by phone.

Thieves could provide the stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.

The thieves obtained the information through various means, such as phishing attacks and malware placed on victims’ computers to log their keystrokes.

CallService.biz would then have someone who matched the legitimate account holder’s gender and was proficient in the needed language, pose as the account holder and call the financial institution to authorize the fraudulent transaction.

One client, for example, requested assistance in July 2007 with illegally siphoning $35,000 from a checking account owned by someone in Westchester County, New York. The wire transfer occurred July 17.

The site boasted that its purveyors had served more than 2,000 criminal customers. Authorities wouldn’t say what fees the two allegedly charged or how much they earned from their scheme.

The two advertised their services on other carding sites, such as CardingWorld.cc, which was also operated by Semashko. The ads boasted that their team had conducted more than 5,400 “confirmation calls” to banks.