The criminal syndicate had access to half a million Australian credit cards, with approximately 30,000 credit cards have been used for fraudulent transactions amounting to more than $30 million.
The investigation, codenamed Operation Lino, started in June 2011 when the Australian Federal Police (AFP) received a referral from an Australian financial institution related to suspicious credit card transactions. Stolen credit card data was being used to create false credit cards, enabling thousands of counterfeit transactions to be carried out in numerous overseas locations including Europe, Hong Kong, Australia and the US.
After the AFP identified the cause of the data compromise, the investigation grew to involve numerous international law enforcement partners, with the Australian banking and finance sector also providing strong support. Thing came to a head in Romania this week when 16 people were detained across the country. Seven of them were arrested and the criminal syndicate was successfully shut down.
The AFP says worked closely with Romanian authorities throughout the case and will continue to provide support during the prosecution phase in Romania. The AFP says no Australian credit card holders lost money as a result of these fraudulent transactions, because Australian financial institutions reimbursed the financial losses of cardholders.
AFP Manager for Cyber Crime Operations, Commander Glen McEwen said that today’s arrests are the result of significant cooperation across law enforcement and the financial industry. “This is the largest data breach investigation ever undertaken by Australian law enforcement. Without the cooperation of 13 other countries, along with Australia’s banking and finance sector, we would not have been able to track these illegal transactions to the criminal network in Romania.
“The successful outcome is a culmination of 17 months of hard work with these partners. Following initial inquiries, the AFP entered into a joint investigation with the Romanian National Police in March of this year, leading to these arrests,” said Commander McEwen.”
Steven Münchenberg, Chief Executive of the Australian Bankers’ Association (ABA), said, “We congratulate the police on their efforts on this fraud investigation. Banks have advanced monitoring systems to prevent fraud and in this case, they contacted customers when suspicious transactions occurred. Often banks will take immediate action to protect the account, stop transactions and cancel cards when it is confirmed that fraud may have been perpetrated,” Münchenberg said.
Abacus Australian Mutuals was one of the financial institutions involved with the case. CEO Louise Petschler said the case show that cybercrime is a global enterprise. “It underlines how a coordinated approach by law enforcement agencies, financial institutions, merchants and consumers can help fight card fraud. We all have a role to play to ensure credit card transactions are safe and secure,” she said.
“Policing is only one part of the solution to stop data compromises – credit cards should be kept in a secure place, ATMS should be checked for any unusual attachments, personal details including PINs should be protected, financial statements should be checked continuously, mail boxes should be secured and if possible, chip and pin security implemented on credit cards,” Commander McEwen said.
Security vendors have used the arrests to highlight the need for increased surveillance. Tom Kellerman, VP of Cyber Security at Trend Micro, has looked extensively at the Russian and East European undergrounds and cybercrime. “Small and medium sized business are increasingly being targeted by organised crime groups as these businesses maintain far less robust security, yet they offer a gateway into the payment systems.
“The US government has noted that all major organised crime syndicates have made a business model out of hacking. There is a robust service-based economy which is flourishing in Eastern Europe.”