SOCA & FBI seize 36 Criminal Credit Card Stores

Today the Serious & Organised Crime Agency (SOCA) in the UK announced the completion of a joint operation targeting 36 criminal websites dealing with stolen credit card and online bank account information. The April 26th Press Release indicates that the operation targeted a particular type of e-commerce platform known as an Automated Vending Cart, or AVC. Here's an advertisement from one of the sites, CVVPlaza.com:

The seized domains are now redirected to a website controlled by the FBI which reads:

The United States Government has seized this domain name pursuant to a seizure warrant issued by the United States District Court for the Eastern District of Virginia under the authority of 18 U.S.C. §§ 981(a)(1)(A) & (b)(2). A United States Magistrate Judge issued that seizure warrant after finding that a sworn affidavit established probable cause that this domain name was personal property involved in a transaction or attempted transaction in violation of section 18 U.S.C. § 1956(a)(2)(A) & (h)
If you registered this domain name, or otherwise claim an ownership interest in this domain name, you should consult an attorney about your rights.

(click for full size)

SOCA has requested that we not provide a full list of the domain names at this time, but two which they have revealed in their own products are "cvvplaza.com" and "ccstore.biz". The others will be added once permission is received.

Some of the screenshots provided by SOCA include:

a site offering an inventory of more than 37,000 confirmed credit cards:

and a fairly nice "search screen:

SOCA has recovered more than 2.5 million card numbers or credentials that they say would have granted the criminals access to more than £500 million (about $809 million US Dollars!) These were NOT the value of the cards currently available for sale in these card shops, but rather the value of the cards that have been recovered from criminals who purchased the cards from these card shops. The total inventory is expected to be much higher. SOCA is leading the way in international cooperation. In this case they worked with the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police, the Romanian National Police and of course the FBI in the United States. These recoveries took place over the course of the past two years. The operator of at least one of these AVC stores was arrested in Macedonia by the Macedonian Ministry of the Interior's Cyber Crime Unit. Some online card shops have very simplistic interfaces, such as this: while others have extremely beautiful websites. Check out the login page for this site: Our friend Dancho Danchev has written extensively about the online carding markets, for example in his article: Exposing Market for Stolen Credit Cards. Brian Krebs has also written extensively on the topic with articles such as How much is your identity worth?