A Belarusian who operated a rent-an-accomplice business for bank thieves has been sentenced to 33 months in prison in New York.
Dmitry Naskovets pleaded guilty to operating CallService.biz, a Russian-language site for identity criminals who trafficked in stolen bank-account data and other information.
Naskovets was arrested in 2010 in the Czech Republic at the request of U.S. authorities and subsequently extradited to the U.S. A co-conspirator named Sergey Semashko was arrested the same day in Belarus and has been charged there.
According to authorities, the two launched their site in Lithuania in June 2007 and filled a much-needed niche in the criminal world — providing English- and German-speaking “stand-ins” to help crooks thwart bank security screening measures.
In order to conduct certain transactions — such as initiating wire transfers, unblocking accounts or changing the contact information on an account — some financial institutions require the legitimate account holder to authorize the transaction by phone.
Thieves could provide the stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.
More than 2,000 identity thieves used the service to commit more than 5,000 acts of fraud, according to authorities.
“Through his website, Dimitry Naskovets served as the middleman for a network of identity thieves who used his many employees to impersonate thousands of victims in exchange for a stake in the profits from the fraudulent transactions they helped facilitate,” Manhattan U.S. Attorney Preet Bharara said in a statement. “This case is another example of how cybercrime knows no geographic boundaries and of how we will work with our partners in the United States and around the world to catch and punish cyber criminals.”
The thieves obtained the information through phishing attacks and malware placed on victims’ computers to log their keystrokes.
CallService.biz would then assign someone who matched the legitimate account holder’s gender and was proficient in the needed language. That person would pose as the account holder and call the financial institution to authorize the fraudulent transaction.