The UK's Serious Organised Crime Agency (SOCA) has taken down 36 website domains used to sell compromised payment card data and online bank account details.
In February, the agency took control of RnBXclusive.com after the music website was accused of hosting music illegally.
The latest operation against online criminals was carried out with help from the US Department of Justice and Federal Bureau of Investigation.
SOCA said the sites used e-commerce type platforms known as Automated Vending Carts (AVC’s) to enable criminals to sell large quantities of stolen data quickly and easily.
The agency has been tracking the development of AVCs and monitoring their use by cyber criminals, who support payment card and online banking fraud on a global scale.
As part of the operation, SOCA arrested two men suspected of making large scale purchases of compromised data from such sites.
In addition, the UK’s Dedicated Cheque & Plastic Crime Unit (DCPCU) seized a number of computers suspected of being used to facilitate Fraud Act offences, and acting on information supplied by SOCA, an AVC operator based in Macedonia was arrested by the Macedonian Ministry of Interior Cyber Crime Unit.
Working with law enforcement agencies in the US, Netherlands, Ukraine, Australia and Romania, SOCA has recovered over 2.5 million items of compromised personal and financial information in the past two years.
The recovered data has been passed to UK and overseas financial institutions to help prevent fraud taking place against the accounts and mitigate the impact of large-scale data thefts.
SOCA estimates that the potential international fraud prevented by the identification of this
detail is worth in excess of £500m.
“This operation is an excellent example of the level of international cooperation being focused on tackling online fraud," said Lee Miles, head of Cyber Operations for SOCA.
The agency's activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, he said.
Although cyber criminals have been stealing and selling large volumes of compromised financial information for several years, said Miles, the past 18 months has seen criminals increasingly adopting e-commerce platforms to facilitate the sale of stolen data.
"The emergence of AVCs has enabled criminal groups to sell data in larger volumes and more
quickly than they were previously able to do," he said.
SOCA said the impact of this criminal trade is widespread and affects not only the individuals whose financial details are stolen but also the businesses that have the frauds perpetrated against them and the financial institutions that provide the services.
Rob Rachwald, director of security strategy at security firm Imperva said hacking for profit continues at a costly rate and taking these sites offline is a serious blow.
"Interestingly, law enforcement seems to be conducting arrests in batches; arresting or suspending criminal gangs as a network rather than individually," he said.
Rachwald believes this is a sound approach as it can help eliminate a swath of criminal activity, while potentially scaring others from filling the void.