Thirty-six individuals from across the globe were indicted by a Las Vegas, Nevada grand jury this past Wednesday, February 7, 2018, for their alleged roles in a cyber-criminal enterprise known as the Infraud Organization (short for “In Fraud We Trust”), one of the longest-running “one-stop shops for cybercriminals worldwide.”

Infraud was an online community engaged in the large-scale acquisition, sale, and dissemination of stolen identities, debit and credit cards, personally identifiable information, financial and banking information; computer malware; and other contraband. The United States Justice Department alleges that Infraud caused more than $530 million in actual losses, and had intended to cause more than $2.2 billion in losses. Among the stolen items were HSBC bank logins, PayPal logins and credentials, and credit card numbers. Infraud also provided escrow services to facilitate its members’ illicit transactions and employed screening protocols to ensure that its vendors were of “high quality.”

As of March 2017, the organization’s forums hosted 10,901 member accounts. The website has since been taken down and replaced with a seizure notice.

Infraud founder Svyatoslav Bondarenko of Ukraine allegedly went missing in 2015, and has yet to be apprehended. Co-founder Sergey Medvedev, also of Ukraine, allegedly took over Bondarenko’s role as administrator in 2015 when Bondarenko went missing; Medvedev was apprehended earlier this month in Thailand while on holiday. Four other alleged, higher-ranking members of the organization still remain at large.

Overall, at least thirteen of the thirty-six defendants have been apprehended, including all five defendants from the United States: Frederick Thomas of Alabama; John Telusma of Brooklyn, New York; Jose Gamboa of Los Angeles, California; David Jonathan Vargas of San Diego, California; and Pius Sushil Wilson of Flushing, New York. Allegedly, Thomas, Telusma, Gamboa, and Vargas were vendors who sold illicit products and services to the organization’s members, while Wilson was allegedly a “VIP member” of the organization that purchased compromised credit cards and repeatedly solicited sales for more compromised credit cards. Others who were apprehended abroad are awaiting extradition.

While it may be unlikely that the shutdown of Infraud will significantly curb cyber-fraud crimes in the future, it has disrupted one of the largest cyber-fraud organizations, and may potentially lead to other “busts” should the multi-national law enforcement agencies involved here track other Infraud members as they flee to different communities.

Although this news may be encouraging to all potential victims of cyber-fraud, consumers and businesses should still remain vigilant about protecting themselves from cybercrime.

The U.S. Department of Justice news release is located here: