Feds Bust $530M Infraud Cybercrime Ring: 36 Global Indictments Unsealed

Law Enforcement Dismantles Transnational Criminal Organization Responsible for More than $530 Million in Cybercrime Losses in International Operation Shadow Web (Image courtesy of the AFP and YouTube)

A federal indictment was unsealed on Wednesday charging 36 individuals for their alleged roles in the Infraud Organization, an Internet-based cybercriminal enterprise engaged in the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband.

Following the return of a nine-count superseding indictment by a Las Vegas, Nevada, grand jury alleging racketeering conspiracy and other crimes, federal, state, local, and international law enforcement authorities arrested 13 defendants from the United States and six countries: Australia, the United Kingdom, France, Italy, Kosovo and Serbia.

Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division, U.S. Attorney Dayle Elieson of the District of Nevada, and Acting Executive Associate Director Derek N. Benner of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) made the announcement.

Acting Assistant Attorney General John P. Cronan
Acting Assistant Attorney General John P. Cronan

“Today’s indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice,” said Acting Assistant Attorney General Cronan.

“As alleged in the indictment, Infraud operated like a business to facilitate cyberfraud on a global scale.”

“Its members allegedly caused more than $530 million in actual losses to consumers, businesses, and financial institutions alike—and it is alleged that the losses they intended to cause amounted to more than $2.2 billion.”

“The Department of Justice refuses to allow these cybercriminals to use the perceived anonymity of the Internet as a shield for their crimes.”

“We are committed to working closely with our international counterparts to identify, investigate, and bring to justice the perpetrators of these crimes, wherever in the world they operate.”

“The U.S. Attorney’s Office is steadfastly committed to protecting America’s national and economic security,” said U.S. Attorney Elieson.

“Criminals cannot hide behind their computer screens. We are working vigilantly with American and international law enforcement partners to identify and disrupt transnational cybercrime organizations, such as the Infraud Organization.”

HSI Acting Executive Associate Director Derek N. Benner
HSI Acting Executive Associate Director Derek N. Benner

“Criminal cyber organizations like Infraud threaten not just U.S. citizens but people in every corner of the globe,” said HSI Acting Executive Associate Director Benner.

“The actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be overstated.

“The criminals involved in such schemes may think they can escape detection by hiding behind their computer screens here and overseas, but as this case shows, cyberspace is not a refuge from justice.

“HSI will continue working with our law enforcement partners in this country and around the world to aggressively target cyber thieves to ensure the perpetrators face the full weight of the law.”

According to the indictment, the Infraud Organization was created in October 2010 by Svyatoslav Bondarenko aka “Obnon,” aka “Rector,” aka “Helkern,” 34, of Ukraine, to promote and grow interest in the Infraud Organization as the premier destination for carding—purchasing retail items with counterfeit or stolen credit card information—on the Internet.

Under the slogan, “In Fraud We Trust,” the organization directed traffic and potential purchasers to the automated vending sites of its members, which served as online conduits to traffic in stolen means of identification, stolen financial and banking information, malware, and other illicit goods.

Operation Shadow Web (Image courtesy of the DOJ)
Law Enforcement Dismantles Forum Used to Victimize Millions in all 50 States and Worldwide in One of the Largest Cyberfraud Enterprises Ever Prosecuted by the Department of Justice (Image courtesy of the DOJ)

It also provided an escrow service to facilitate illicit digital currency transactions among its members and employed screening protocols that purported to ensure only high quality vendors of stolen cards, personally identifiable information, and other contraband were permitted to advertise to members.

According to the indictment, Infraud members held defined roles within the organization’s hierarchy.

  • “Administrators” managed day-to-day operation of and strategic planning for the organization, approved and monitored membership, and meted out punishments and rewards to members.
  • “Super Moderators” oversaw and administered specific subject-matter areas within their expertise.
  • “Moderators” moderated one or two specific sub-forums within their areas of subject-matter expertise.
  • “Vendors” sold illicit products and services to Infraud members.
  • Finally, “VIP Members” and “Members” used the Infraud forum to gather information and to facilitate their criminal activities.
  • As of March 2017, there were 10,901 registered members of the Infraud Organization.

During the course of its seven-year history, the Infraud Organization inflicted approximately $2.2 billion in intended losses, and more than $530 million in actual losses, on a wide swath of financial institutions, merchants, and private individuals, and would have continued to do so for the foreseeable future if left unchecked.

Image courtesy of the Department of Justice

The defendants indicted for their alleged roles in the Infraud Organization’s transnational racketeering conspiracy include:

  • Svyatoslav Bondarkeno of Ukraine;
  • Amjad Ali aka “Amjad Ali Chaudary,” aka “RedruMZ,” aka “Amjad Chaudary,” 35, of Pakistan;
  • Roland Patrick N’Djimbi Tchikaya aka “Darker,” aka “dark3r.cvv,” 37, of France;
  • Miroslav Kovacevic aka “Goldjunge,” 32, of Serbia;
  • Frederick Thomas aka “Mosto,” aka “1stunna,” aka “Bestssn,” 37, of Alabama;
  • Osama Abdelhamed aka “MrShrnofr,” aka “DrOsama,” aka “DrOsama1,” 27, of Egypt;
  • Besart Hoxha aka “Pizza,” 25, of Kosovo;
  • Raihan Ahmed aka “Chan,” aka “Cyber Hacker,” aka “Mae Tony,” aka “Tony,” 26, of Bangladesh;
  • Andrey Sergeevich Novak aka “Unicc,” aka “Faaxxx,” aka “Faxtrod” of the Russian Federation;
  • Valerian Chiochiu aka “Onassis,” aka “Flagler,” aka “Socrate,” aka “Eclessiastes,” 28, of Moldova;
  • John Doe #8 aka “Aimless88;”
  • Gennaro Fioretti aka “DannyLogort,” aka “Genny Fioretti,” 56, of Italy;
  • Edgar Rojas aka “Edgar Andres Viloria Rojas,” aka “Guapo,” aka “Guapo1988,” aka “Onlyshop,” 27, of Australia;
  • John Telusma aka “John Westley Telusma,” aka “Peterelliot,” aka “Pete,” aka “Pette,” 33, of Brooklyn, New York;
  • Rami Fawaz aka “Rami Imad Fawaz,” aka “Validshop,” aka “Th3d,” aka “Zatcher,” aka “Darkeyes,” 26, of Ivory Coast;
  • Muhammad Shiraz aka “Moviestar,” aka “Leslie” of Pakistan;
  • Jose Gamboa aka “Jose Gamboa-Soto,” aka “Rafael Garcia,” aka “Rafael101,” aka “Memberplex2006” aka “Knowledge,” 29, of Los Angeles, California;
  • Alexey Klimenko aka “Grandhost,” 34, of Ukraine;
  • Edward Lavoile aka “Eddie Lavoie,” aka “Skizo,” aka “Eddy Lavoile,” 29, of Canada;
  • Anthony Nnamdi Okeakpu aka “Aslike1,” aka “Aslike,” aka “Moneymafia,” aka “Shilonng,” 29, of the United Kingdom;
  • Pius Sushil Wilson aka “FDIC,” aka “TheRealGuru,” aka “TheRealGuruNYC,” aka “RealGuru,” aka “Po1son,” aka “1nfection,” aka “1nfected,” 31, of Flushing, New York;
  • Muhammad Khan aka “CoolJ2,” aka “CoolJ,” aka “Secureroot,” aka “Secureroot1,” aka “Secureroot2,” aka “Mohammed Khan,” 41, of Pakistan;
  • John Doe #7 aka “Muad’Dib;”
  • John Doe #1 aka “Carlitos,” aka “TonyMontana;”
  • David Jonathan Vargas aka “Cashmoneyinc,” aka “Avb,” aka “Poony,” aka “Renegade11,” aka “DvdSVrgs,” 33, of San Diego, California;
  • John Doe #2;
  • Marko Leopard aka “Leopardmk,” 28, of Macedonia;
  • John Doe #4 aka “Best4Best,” aka “Wazo,” aka “Modmod,” aka “Alone1,” aka“Shadow,” aka “Banderas,” aka “Banadoura;”
  • Liridon Musliu aka “Ccstore,” aka “Bowl,” aka “Hulk,” 26, of Kosovo;
  • John Doe #5 aka “Deputat,” aka “Zo0mer;”
  • Mena Mouries Abd El-Malak aka “Mina Morris,” aka “Source,” aka “Mena2341,” aka “MenaSex,” 34, of Egypt; and
  • John Doe #6 aka “Goldenshop,”aka “Malov.”

In addition, Novak and “Goldenshop” are charged with three counts each and “Deputat” and Musliu one count each of possession of 15 or more counterfeit and unauthorized access devices.

The superseding indictment is the result of an investigation conducted by the Las Vegas Office of Homeland Security Investigations; the Henderson, Nevada, Police Department; the Criminal Division’s Organized Crime and Gang Section; and the U.S. Attorney’s Office for the District of Nevada.

The international operation to dismantle the Infraud Organization would have been impossible without the significant efforts and timely cooperation of the following agencies:

  • Justice Department’s Office of International Affairs and International Organized Crime Intelligence and Operations Center
  • Interpol Rome; Interpol Tirana
  • The Italian National Police (Postal and Communications Police)
  • The Australian Federal Police and the International Crime Cooperation Central Authority, Australian Government Attorney-General’s Department
  • The U.S. Diplomatic Security Service, Regional Security Office at U.S. Embassy Tirana, Albania
  • The City of London Police, DCPCU
  • The French Ministry of Justice, the Paris Prosecutor, L’Office Central de Lutte contre la Criminalité liée aux Technologies de l’Information et de la Communication
  • The judicial and police authorities of the Grand Duchy of Luxembourg
  • The Directorate for Organized Crime Investigation, Sector for Cyber Crime Investigation; the Basic Prosecution Office Pristina, Kosovo, and
  • The Ministry of Justice of the Republic of Kosova, Department for International Legal Cooperation and the Special Prosecution Office for High-Tech Crime of the Republic of Serbia

Deputy Assistant Attorney General David Rybicki of the Criminal Division Remarks on International Cyber Fraud Ring Takedown, on Wednesday, Feb. 7th

Today marks a significant step in the battle against transnational cybercrime.

A federal grand jury in the District of Nevada has returned an indictment, unsealed today, against 36 cybercriminals from the United States and 17 countries on five continents who participated in a transnational racketeering enterprise via an internet forum called “Infraud.”

Deputy Assistant Attorney General David Rybicki
Deputy Assistant Attorney General David Rybicki

Members of the Infraud Organization used the forum to coordinate and conduct online criminal activities that included identity theft, bank fraud, wire fraud and computer crimes.

Coordinated with the unsealing of the indictment today, U.S. Department of Homeland Security agents across the country and our law enforcement counterparts in France, the United Kingdom, Italy, Australia, Kosovo, Serbia and Albania have conducted operations that have resulted in the arrest of 13 members of the Infraud Organization.

Operating under the slogan “In Fraud We Trust,” members of the Infraud Organization used the online forum to purchase and sell stolen credit card numbers, financial information, social security numbers, passwords and other personally identifying information; they advertised services that facilitated these activities and related, illicit financial transactions; and they disseminated malware.

Infraud was truly the premier one-stop shop for cybercriminals worldwide.

Over the course of the Infraud Organization’s seven-year history, its members targeted more than 4.3 million credit cards, debit cards and bank accounts held by individuals around the world and in all 50 states.

The actions of the Infraud Organization resulted in approximately $2.2 billion in intended losses and over $530 million in actual losses to U.S. financial institutions, merchants and consumers.

That makes this case one of the largest cyber fraud enterprise prosecutions ever undertaken by the Department of Justice.

This case reflects the alarming and increasing threat posed by cybercrime.

A recent report predicts that the annual cost of global cybercrime will exceed $2 trillion by 2019, four times the 2015 estimate.

Those staggering numbers demonstrate why addressing this growing danger is among the Department’s top priorities.

Like most organized transnational criminal enterprises, Infraud’s members had defined roles within the organization’s hierarchy.

But unlike the organized crime of years past, many of the organization’s nearly 11,000 members have never met in person and do not know the true identities of their co-conspirators — they know each other only by their online user names and other anonymized identifiers.

Infraud members used the forum’s private message threads, digital currency escrow services, VPNs, and other anonymizing software, to keep it that way.

But as today’s announcement demonstrates, the Department of Justice refuses to allow cybercriminals to hide behind the anonymity of the web while stealing personally identifying information, emptying bank accounts, and wreaking havoc on our nation’s digital infrastructure and financial system.

We aggressively investigate, indict, and when possible, prosecute the cybercriminals responsible for such brazen attacks.  The charges and arrests announced today are a victory for the rule of law.

Long-term success in the fight against global cybercrime — not only against groups like Infraud, but also cybercriminals who flock to dark web markets for child pornography, human trafficking, illegal drugs, firearms and narcotics — requires that we systematically address the many challenges posed by cybercrime.

Cybercriminals consistently seek new ways to abuse and exploit developing technologies.

But the dedicated professionals at the Department of Justice are equally hard at work ensuring that we have the ability to effectively investigate and prosecute these cybercriminals, as well as to conduct outreach to the cybersecurity community and to advocate for legislative change, when necessary.

While we continue to use all lawful tools available to identify, apprehend and prosecute cybercriminals, at the same time we are also working toward a comprehensive cybercrime strategy.

As you have heard today, law enforcement across the globe acted swiftly to take Infraud’s cybercriminals off the Internet.

This case is the result of the outstanding work of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations; the Henderson, Nevada, Police Department; the U.S. Attorney’s Office for the District of Nevada; the Criminal Division’s Organized Crime and Gang Section; our foreign law enforcement counterparts; and the Criminal Division’s Office of International Affairs.

On behalf of the Department, I thank them for their efforts in this case and for their daily work to curb the threats posed to our citizens by transnational criminal enterprises like the Infraud Organization.


The charges in the indictment are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Trial Attorneys Kelly Pearson and Chimaobim Nwachukwu of the Criminal Division’s Organized Crime and Gang Section and Assistant U.S. Attorney Chad W. McHenry of the District of Nevada are prosecuting the case.