An international ring of cyber fraudsters has been broken up by police in the UK, US and Canada after they allegedly hacked into a ticket resale website using passwords stolen from other sites.
In a case with significant implications for security on the internet, the gang is accused of targeting Ebay's StubHub site and taking over the accounts of more than 1,600 users.
They then allegedly bought and resold tickets for concerts by the likes of Elton John and Jay-Z, Broadway shows like The Book of Mormon, and sporting events such as New York Yankees baseball games and the US Open.
According to US prosecutors, they made about $1m and the money was then laundered through banks in the UK.
Six people - three from Russia, two from New Jersey and one from New York - have been arrested in the US, with another three in the UK and one in Canada in an operation that involved the US Secret Service.
In a statement, Cyrus Vance, Manhattan District Attorney, said: “Cybercriminals know no boundaries - they do not respect international borders or laws.
“Today's arrests and indictment connect a global network of hackers, identity thieves, and money-launderers who victimized countless individuals in New York and elsewhere.”
He suggested a number of precautions to protect web accounts, including: “monitoring your accounts daily for unusual activity”, “frequently changing your passwords” and “never using the same password for more than one site.”
City of London Police Commissioner Adrian Leppard described the case as an “important investigation,” saying it showed that law enforcement was determined “to protect legitimate businesses and consumers from cyber-enabled fraud through the relentless pursuit of suspected criminals.”
StubHub said the gang managed to take over accounts despite not hacking the website itself.
“It is important to note, there have been no intrusions into StubHub technical or financial systems,” it said in a statement.
“Legitimate customer accounts were accessed by cyber criminals who had obtained the customers' valid login and password either through data breaches of other businesses, or through the use of key-loggers and/or other malware on the customers' PC.”Reuse content