A California rap artist has been arrested for his alleged connection to an international carding fraud and point-of-sale hacking scheme that involved thousands of debit and credit accounts.
The scheme, reported in June, is believed to involve two hackers who intercepted and sold nearly 200,000 debit and credit numbers they stole from restaurants in Seattle (see Feds Charge Hacker in POS Attacks).
Now authorities allege Charles Tony Williamson, a rapper known as "Guerilla Black," along with accomplices in California and Nevada, used stolen card numbers connected to those Seattle attacks to make fraudulent purchases, sometimes within hours of the numbers being intercepted.
On July 12, federal authorities arrested Williamson and charged him with access device fraud, bank fraud and aggravated identity theft. The 22-count indictment against him also charges him with conspiracy to access protected computers, conspiracy to commit access device fraud and conspiracy to commit bank fraud.
If found guilty, Williamson could face up 30 years in prison and a $1 million fine on the charges linked to bank fraud; 10 years and a $250,000 fine on the access device fraud and damaging a protected computer charges; and five years and a $250,000 fine on the conspiracy charges. The aggravated ID theft charges carry a mandatory two-year prison term.
According to a statement issued by the U.S. Attorney's Office for the Western District of Washington, Williamson is suspected of buying and fraudulently using credit and debit card numbers stolen in 2011 and 2012 from two Seattle restaurants whose POS systems were hacked. The attacks resulted in the compromise of more than 180,000 card numbers.
Connection to International Scheme
In June, authorities indicted David Benjamin Schrooten, a hacker known as "Fortezza," and Christopher Schroebel, charging the two with intercepting and selling the stolen card numbers on underground online forums, commonly known as carding sites. Schrooten, of the Netherlands but living in Romania at the time, allegedly posted and sold the numbers, taking advantage of the prominent role he played in the international computer hacking community. Schroebel, his Seattle-based accomplice, was charged with actually hacking the POS systems.
Schroebel was arrested in November and pleaded guilty in May. He is expected to be sentenced next month. Schrooten was arrested in Romania in March and was extradited to the U.S. in May. In June, he pleaded not guilty to all charges.
Williamson's Alleged Role
The indictment alleges Williamson communicated via e-mail with Schrooten and Schroebel, telling them he wanted to buy "dumps" of stolen card numbers "in bulk," which refers to the purchase of 100, 500 or more card numbers at a time. Williamson also allegedly indicated he wanted "freshly" stolen numbers, because they would be easier to use, since the cardholders would not yet know their information had been stolen.
According to the indictment, between Jan. 11, 2011, and Feb. 26, 2012, Williamson acquired at least 27,257 stolen card numbers, including those issued by American Express, Visa, MasterCard and Discover. Losses linked to fraudulent transactions have not been totaled. But authorities suspect approximately $150,000 in fraud resulted from the use of just 134 of those stolen numbers.
"Today's arrest shows that criminals cannot hide in cyberspace," says U.S. Attorney Jenny A. Durkan. "We will prosecute all parts of the criminal gang - regardless of where they may be."