RegulationSecurityWorkspace

How UK Sleuths Are Threatening Would-Be Cyber Crooks

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

TechWeekEurope reveals email showing how SOCA is warning crooks they may be at risk of hefty jail sentences or be putting their families’ welfare in danger

The UK’s Serious Organised Crime Agency (SOCA) is apparently trying to scare off would be cyber criminals who are visiting online sites that purport to help them perpetrate electronic crimes.

SOCA has issued a press release saying it is contacting “individuals who have expressed an interest” in cyber crook websites, such as those selling credit card information or personal data. The release says it has  it contacted thousands of members of such illicit websites “either by direct email messaging or a personal visit to addresses throughout the UK”.

Additional information is scant, and SOCA’s press team didn’t get back in touch to a TechWeekEurope request for information. However, TechWeekEurope has seen one of the emails sent to individuals and can SOCA is clearly attempting to scare off wannabe or actual cyber crooks of at least one well known carding site selling people’e bank data. Intriguingly, the email was sent from the address carder.pro-admin@soca.pnn.police.uk – an address which could indicate SOCA has obtained control over a Carder.pro server.

Visa CodeSure Payment card creditSOCA scares cyber crooks by getting personal

In its email, SOCA tells recipients that if they are caught doing anything illegal on Carder.pro, they could face serious jail time. It gets personal too, warning there are “serious criminals” on such sites, who may “compromise your prospects in life and even the welfare of your family”.

“You have registered with Carder.pro. This is a forum which facilitates the commission of fraud and related criminal offences.  Under UK law an offence of fraud may be punished with imprisonment of up to 10 years,” the email read.

“The Serious Organised Crime Agency (SOCA) can track, monitor and investigate users of this forum. The fact that you have received this email does not prevent you being prosecuted if you engage in similar or related offences, and it may be used as supporting evidence of your premeditation to commit a criminal offence.”

SOCA then offers recipients a link, taking them to a webpage with further warnings and threats. The government policing body notes it has “used criminal and civil powers in UK law to seize assets including money, belongings and any property declared by the courts to be Proceeds of Crime”.

The Carder.pro website is still live, so it’s unclear whether any law enforcement activity has been taken against it. Another recipient of the message posted a copy of the email on Pastebin. SOCA did not say which other websites had been targeted as part of its operation.

Action on carders

The agency has had a number of past successes in tracking people involved in dealing credit card information. In April last year, it claimed to have  it helped recover 2.5 million credit cards and prevented the loss of at least £500 million as part of its involvement in a global operation that saw 36 carder websites shut down.

Such carding websites see a lot of business. In a recent trip to RSA’s Anti-Fraud Command Center in Tel Aviv, this publication saw plenty of sellers  offering card data for various prices, from $10 to $50. Such sites also see other wares sold, such as vulnerabilities. One Java flaw was on sale for $100,000 on one Russian underground market, RSA analysts said.

As for SOCA, its cyber arm is due to merge with the PCeU by October, when the National Cybercrime Unit (NCCU) is formed as part of the National Crime Agency, which the Home Office is putting together.

As responses to TechWeekEurope FOI requests have indicated, on a national scale British cyber policing is lacking in a number of areas, especially outside of the Greater London area. And the formation of the NCCU is causing plenty of headaches for those involved, given it doesn’t even have a headquarters or a boss yet.

UPDATE: SOCA got back in touch with TechWeek, offering the following statement: “We’re not giving specific details for operational reasons as the activity is ongoing, but we’ve coordinated a range of actions against persons with different degrees of association to the websites.

“These include contacting individuals to advise of the potential consequences if they continue such activity, Cease and Desist orders served by SOCA officers and Police partners, as well as a number of arrests carried out by partners in the DCPCU [Dedicated Cheque and Plastic Crime Unit].

“The arrests were part of activity directed against those who ran and used the Freshshop.net website, which facilitated the trade in stolen card data and according to card issuers was responsible for at least £26.9m in losses.”

Are you a security expert? Try our quiz!