Police Arrest Seven For eBay StubHub Fraud

Young man in handcuffs - copyright Fotolia

Two arrests made in London as police swoop on international gang that defrauded eBay’s online ticketing service

The US law enforcement agencies have sucessfully broken up a cybercriminal gang after seven people were arrested in a number of different countries, including two in the UK.

The suspects are charged with defrauding eBay’s StubHub service, an online marketplace for buyers and sellers of tickets for live events such as theatre shows, music concerts and sporting events.

Police Arrests

The arrests were revealed by Manhattan District Attorney Cyrus Vance Jr. He told Reuters that seven arrests had been made, targeting a gang that had defrauded eBay’s StubHub online ticketing service of $1.6m (£940,600).

police handcuff security crime keyboard © Oleksiy Mark ShutterstockA Russian national was arrested whilst on holiday in Spain. Three people were arrested in London, two in the United States, and one in Canada.

All seven were charged with involvement in a cybercrime ring that used stolen credit card numbers to purchase thousands of tickets to events. The charges also included money laundering, possession of stolen property and identity theft.

The alleged cyber criminals apparently hacked into 1,000 customer accounts on StubHub and used them to purchase tickets to popular events, for example a recent Justin Timberlake tour.

But it seems that StubHub was aware of the the defrauding activities of the gang for a while. The company’s head of global communications, Glenn Lehrman, told Reuters that his firm has been working on the case with law enforcement around the world for the past year.

The Associated Press meanwhile reported that the criminals got the account-holders’ login and password information from data breaches at other websites, or from malware on the customers’ computers.

Cyber Crime

Law enforcement agencies around the world are starting to become more proactive in clamping down on cyber crime. Europol has established a dedicated division, the European Cybercrime Centre (EC3), which is actively engaged in tracking down online criminals. And in May, international police forces arrested 80 people involved in creation, distribution and use of malware sold under the BlackShades brand, 17 of them in the UK.

But experts are warning users to better protect their logins.

“Cybercrime is not the act of a single group, but rather is a large effort made by multiple factions and individuals, sometimes working together to make a profit, other times working against each other to secure a market,” said Adam Kujawa, head of threat intelligence at Malwarebyte. “All it takes is a small leak in a submarine to bring down the ship; in many cases, that is all that law enforcement has to go on when pursuing operations against criminals.”

“A coordinated and well-resourced attack against users could have been the source of all the stolen login credentials,” he added. “Often times, phishing attacks or the operation of spreading malicious software is broad enough to target a large group of victims, for the most profit.”

And Kujawa said that users should make use of password managers and antivirus/anti-malware software to stop these details getting into the hands of criminals.

“It is a good idea to avoid keeping things like financial information stored on a website like StubHub, mainly because of the potential dangers of someone being able to use that information in the future if your account login is stolen,” he warned.

“If a user does keep that kind of information included then they should be mindful of the dangers and also change their passwords often, just in case. These credentials could have been obtained a long time ago during a different attack against the user and then sold to the final assailants, in which case having a password change would have prevented the stolen credentials from being used by the attacked.”

How well do you know network security? Try our quiz and find out!