They went by online nicknames like "Cubby," "404myth," and "JoshTheGod."
One had details of more than 50,000 stolen credit cards, authorities said. Another sold malicious software that could record victims' computer keystrokes to siphon banking information. A third sold stolen credit card data in exchange for iPads, a camera and $250.
They were among two dozen alleged hackers who shared the latest techniques in cybercrime with each other in an online forum. And for the past two years, they also shared that information with the FBI, which created the forum as part of an undercover operation dubbed "Operation Card Shop."
On Tuesday, authorities announced 24 arrests in 13 countries on charges of stealing personal and banking data belonging to more than 400,000 victims around the world.
Eleven were arrested in the U.S. and 13 were arrested abroad, including England, Bosnia and Germany, according to Preet Bharara, the U.S. attorney for the Southern District of New York. Two arrested in California were younger than 18.
Authorities called it the largest international crackdown on the online trafficking of stolen credit card information, known as "carding."
The accused hackers were sophisticated and highly organized. They cracked into databases to steal credit card numbers, then used that information to make counterfeit credit cards, buy goods and services, make fake IDs, and sell that information to other hackers online, authorities said.
They communicated through "carding forums," or online marketplaces used by cybercriminals to exchange stolen credit card information, hacking techniques, or computer-security flaws that can be exploited to hack into computers and steal victims' online banking data, according to a statement from Bharara's office.
To avoid getting caught, they sent goods bought with stolen credit cards to "drop addresses," such as vacant apartments or houses, where other cybercriminals picked them up in exchange for payment, according to authorities.
The FBI infiltrated the ring by creating a carding forum, called "Carder Profit," where agents watched as the suspects discussed buying and selling stolen credit card data. The FBI recorded their IP addresses and email addresses, leading to Tuesday's arrests.
Authorities said they notified 47 companies, government agencies and schools that their computer networks had been breached by the suspects, averting a potential loss of more than $200 million.
The action by law enforcement shows that "clever computer criminals operating behind the supposed veil of the Internet are still subject to the long arm of the law," Bharara said in a statement.
SUBSCRIBE AND FOLLOW
Get top stories and blog posts emailed to me each day. Newsletters may offer personalized content or advertisements.Learn more