Co-Creator of Site That Sold Payment Card Data Pleads GuiltyInfraud Organization's Site, Shuttered in 2018, Tied to $530 Million in Fraud
A Russian national suspected of co-creating the Infraud Organization's online cybercrime forum that sold stolen payment card data and was tied to $530 million in fraud losses has pleaded guilty to federal conspiracy charges, according to the U.S. Justice Department.
On Friday, Sergey Medvedev, 33, pleaded guilty to a single charge of conspiracy under the Racketeer Influenced and Corrupt Organizations Act, commonly known as RICO, according to court documents filed in U.S. District Court of Nevada. Medvedev could face up to 10 years in federal prison.
See Also: Automating Security Operations
In February 2018, U.S. and international law enforcement seized and shuttered the Infraud Organization website, which sold stolen payment card data. A nine-count Justice Department indictment unsealed at the time charged 36 individuals, including Medvedev, with a range of offenses. The indictment accused them of helping to run a cybercriminal forum tied to $530 million in confirmed fraud losses, with the intention of trying to steal more than $2.2 billion (see: Feds Dismantle Ukrainian's $530 Million Carding Empire).
In a similar, smaller-scale case last week, a judge sentenced the creator of the so-called "Cardplanet" site, which also trafficked in stolen payment card data, to nine years in federal prison (see: Russian Cybercriminal Behind 'Cardplanet' Site Sentenced).
The Infraud Organization ran an online forum dedicated to criminal activity that federal prosecutors claim had more than 10,000 members in March 2017. The site had the slogan "In Fraud We Trust."
The gang that operated Infraud engaged in a variety of identity theft and financial fraud from October 2010 to February 2018, prosecutors say. It’s believed to be responsible for the sale or purchase of over 4 million compromised payment card numbers, according to the court filing. The aim of the organization was to develop the "premier online destination for the purchase and sale of stolen property and other contraband" that also serves as the source of other contraband vendors, according to the Justice Department.
The gang used advertising to direct web traffic from its website to other automated sites that were owned or operated by its members, helping other cybercriminals traffic in point-of-sale malware, banking Trojans, stolen payment card details and counterfeit identification, prosecutors say.
Medvedev acted as an administrator, handling the day-to-day management decisions of the group. He decided who was permitted to be a member of the group and who had full access to the computer servers that hosted the Infraud Organization's website, according to the court documents.
Medvedev, who also went by the online names "Stells," "segmed" and "serjbear," operated an "escrow" or currency exchanging service that members of the gang used to facilitate the purchase and sale of contraband, prosecutors say.
Authorities charged Medvedev and Svyatoslav Bondarenko - who is also known as "Obnon," "Rector" and "Helkern" - with co-creating the Infraud Organization's website in 2010, although Bondarenko, who remains at large, appears to have stopped his involvement in 2015, according to court documents.
In April 2016, Medvedev posted on the Infraud forum that Bondarenko had gone missing, making Medvedev the "admin and owner" of the site, according to Friday's plea agreement with federal prosecutors.
When law enforcement closed the Infraud site in 2018, five suspects were arrested in the U.S., along with eight others in Australia, France, Italy, Kosovo, Serbia and the U.K. At the time, another 23 suspects remained at large, according to the Justice Department.