FBI and Justice Department investigators seized three dozen domain names from websites that sell stolen credit card numbers, according to officials. Operation Wreaking hAVoC targeted sites that offered access to compromised accounts for between $2 and $100 per card number. Capital One, SunTrust and Bank of America representatives assisted investigators by confirming the validity of credit card accounts listed on the targeted websites.
In statements to reporters, investigators described the websites as "automated vending carts," also known as AVCs. The mostly automated systems work almost like popular e-commerce websites, allowing buyers to fill a virtual shopping cart with bundles of stolen data.
AVCs streamline the process of trafficking credit card details for various purposes. According to investigators, some criminals like to clone physical cards from accounts with nearby billing addresses, to facilitate fraudulent retail transactions. Other criminals prefer gold and platinum cards with high credit limits.
Visitors to the websites now see a banner, informing them that the domains have been seized by federal authorities. In addition, through partnership with law enforcement officials around the world, some of the websites' operators face arrest and possibly extradition for their involvement in the crimes. According to a report in UK newspaper The Independent, one man in the Balkan nation of Macedonia was among those arrested in connection with the investigation. Meanwhile, two British citizens remain in custody for purchasing stolen data from the targeted websites.
Recent changes to federal law and to global Internet management policies enable American law enforcement officials to seize domain names of websites involved in criminal activity, when those domains fall under U.S. jurisdiction. Seizing a domain name makes stolen data harder to find, although investigators remain unable to lay their hands on the actual servers and storage devices containing the information.