Account Takeover , Cybercrime , Fraud Management & Cybercrime

Co-Creator of Site That Sold Payment Card Data Pleads Guilty

Infraud Organization's Site, Shuttered in 2018, Tied to $530 Million in Fraud
Co-Creator of Site That Sold Payment Card Data Pleads Guilty
The Infraud Organization website was shuttered by law enforcement in 2018 (Source: US Justice Department)

A Russian national suspected of co-creating the Infraud Organization's online cybercrime forum that sold stolen payment card data and was tied to $530 million in fraud losses has pleaded guilty to federal conspiracy charges, according to the U.S. Justice Department.

On Friday, Sergey Medvedev, 33, pleaded guilty to a single charge of conspiracy under the Racketeer Influenced and Corrupt Organizations Act, commonly known as RICO, according to court documents filed in U.S. District Court of Nevada. Medvedev could face up to 10 years in federal prison.

See Also: The Financial Services Security Disconnect

In February 2018, U.S. and international law enforcement seized and shuttered the Infraud Organization website, which sold stolen payment card data. A nine-count Justice Department indictment unsealed at the time charged 36 individuals, including Medvedev, with a range of offenses. The indictment accused them of helping to run a cybercriminal forum tied to $530 million in confirmed fraud losses, with the intention of trying to steal more than $2.2 billion (see: Feds Dismantle Ukrainian's $530 Million Carding Empire).

In a similar, smaller-scale case last week, a judge sentenced the creator of the so-called "Cardplanet" site, which also trafficked in stolen payment card data, to nine years in federal prison (see: Russian Cybercriminal Behind 'Cardplanet' Site Sentenced).

Infraud Organization

The Infraud Organization ran an online forum dedicated to criminal activity that federal prosecutors claim had more than 10,000 members in March 2017. The site had the slogan "In Fraud We Trust."

The gang that operated Infraud engaged in a variety of identity theft and financial fraud from October 2010 to February 2018, prosecutors say. It's believed to be responsible for the sale or purchase of over 4 million compromised payment card numbers, according to the court filing. The aim of the organization was to develop the "premier online destination for the purchase and sale of stolen property and other contraband" that also serves as the source of other contraband vendors, according to the Justice Department.

The gang used advertising to direct web traffic from its website to other automated sites that were owned or operated by its members, helping other cybercriminals traffic in point-of-sale malware, banking Trojans, stolen payment card details and counterfeit identification, prosecutors say.

Medvedev's Role

Medvedev acted as an administrator, handling the day-to-day management decisions of the group. He decided who was permitted to be a member of the group and who had full access to the computer servers that hosted the Infraud Organization's website, according to the court documents.

Medvedev, who also went by the online names "Stells," "segmed" and "serjbear," operated an "escrow" or currency exchanging service that members of the gang used to facilitate the purchase and sale of contraband, prosecutors say.

Authorities charged Medvedev and Svyatoslav Bondarenko - who is also known as "Obnon," "Rector" and "Helkern" - with co-creating the Infraud Organization's website in 2010, although Bondarenko, who remains at large, appears to have stopped his involvement in 2015, according to court documents.

In April 2016, Medvedev posted on the Infraud forum that Bondarenko had gone missing, making Medvedev the "admin and owner" of the site, according to Friday's plea agreement with federal prosecutors.

When law enforcement closed the Infraud site in 2018, five suspects were arrested in the U.S., along with eight others in Australia, France, Italy, Kosovo, Serbia and the U.K. At the time, another 23 suspects remained at large, according to the Justice Department.


About the Author

Ishita Chigilli Palli

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.in, you agree to our use of cookies.