The U.S. Department of Justice arrested 13 cybercriminals from 17 countries, including the United States, from the Infraud dark web criminal carding and malware organization, the agency announced Wednesday.
The group is charged with defrauding over $530 million from victims and $2.2 billion in losses, with the majority coming from crimes tied to identity fraud. A newly released indictment also names 23 other alleged members of Infraud who remain at large.
In terms of scale of money stolen and international reach, the DOJ said Infraud is among the biggest in the world.
“The sole purpose of the organization is the large scale acquisition and dissemination of stolen identities, compromised debit and credit cards, personally identifying information, computer malware and other products used to unlawfully enrich members and associates of the Infraud association,” Dale Eliason, U.S. Attorney of Nevada, said in a call with reporters.
The alleged Infraud creator is Svyatoslav Bondarenko, a Ukranian national named who, according to police, launched Infraud in October 2010. He stopped posting on the site in 2015, but was indicted for his alleged role. Bondarenko remains at large.
The alleged “co-founder,” Sergey Medvedev is a Russian national who has been active since November 2010. He is alleged to operate a trusted “escrow” or currency exchanging service to ensure transactions between Infraud members, according to the Department of Justice. Medvedev took over as leader of the group after Bondarenko left in 2015. Medvedev has been arrested.
Here’s the DOJ’s organizational chart for Infraud:
Most of the organization, including five out of six of Infraud’s leaders, remain at large.
The alleged Infraud members face 20 years in prison on charges including racketeering and conspiracy. The take-down of Infraud was accomplished with cooperation from police in the U.S., Australia, the United Kingdom, France, Italy, Kosovo and Serbia. At least eight individuals have been arrested internationally and are awaiting extradition to the United States.
Like many major cybercriminal organizations, it was against the rules to buy or sell stolen access devices and other contraband belonging to victims within Russia.
You can read the indictment below.
Update: Added the organizational chart and details on arrests.