A detailed analysis of the joint operation by banks and cyber police against carders in 2023

[Student]

Hello! For educational purposes, I will detail how the joint efforts of banks and law enforcement agencies, including cyber police, led to the arrests of carders in 2023, focusing on key operations, interaction mechanisms, technologies, and results. I will focus on the international operation HAECHI IV, as it had the largest impact on carding and financial crimes, and will also mention other relevant initiatives. I will explain the processes, roles of participants, carder methods, and how their activities were stopped, providing context for understanding cybercrime.

What is carding and why is it important?​

Carding is a type of cybercrime in which criminals (carders) steal bank card data (numbers, CVV codes, and personal information) to conduct fraudulent transactions, purchase goods, or launder money. In 2023, damages from carding were estimated at billions of dollars, including $1.7 billion in cryptocurrency card-theft schemes alone. Carders use methods such as:

• Phishing: Creating fake bank websites or mobile apps to steal login credentials.
• Skimming: Installing devices on ATMs to read card data.
• Database attacks: Hacking banking or trading platforms to steal massive amounts of data.
• BEC (Business Email Compromise): Hacking corporate email to forge payment orders.
• Darknet Markets: Buying and selling stolen data on platforms like Genesis Market.

Banks and cyber police are combating this through joint operations, combining financial analytics, cyber forensics, and international cooperation.

Key Operation 2023: HAECHI IV​

Operation HAECHI IV (July–December 2023) is a global initiative led by INTERPOL aimed at combating financial cybercrime, including carding. It brought together law enforcement agencies from 34 countries, banks, virtual asset providers (VASPs), and private companies such as Group-IB. The operation focused on seven types of crimes, including phishing, BEC, and cryptocurrency fraud, which are frequently used by carders.

The role of banks​

Banks played a central role in HAECHI IV, providing data on:

• Suspicious transactions involving stolen cards.
• Phishing attacks on clients (e.g. fake SMS or websites imitating banking portals).
• Accounts of "money mules" (intermediaries through which carders launder money).

Banks used Transaction Monitoring Systems (TMS) that identified anomalies such as:

• Unusually high transfers to accounts in other countries.
• Multiple small transactions using one card.
• Attempts to withdraw funds through cryptocurrency exchanges.

This data was transmitted to cyber police through secure channels, including Interpol's I-GRIP (Global Rapid Intervention of Payments) platform, which allows for the freezing of accounts in real time.

The Role of Cyber Police​

The cyber police (national units and Interpol) performed the following functions:

• Cyberforensics: Analysis of phishing site logs, malware (e.g. banking Trojans), and blockchain transaction traces.
• International Coordination: Sharing data between countries to track cross-border carding schemes.
• Arrests and raids: Operations were carried out to detain suspects using banking data and cyber intelligence.

Example: In South Korea, cyber police uncovered a phishing scheme in which carders sent fake SMS messages impersonating banks, stealing card details. The banks provided information about the accounts to which the money was transferred, leading to the arrest of the perpetrators.

Technologies and methods​

• I-GRIP: Interpol's tool for instant account freezing. During HAECHI IV, it helped freeze 82,112 bank accounts and 367 crypto wallets, confiscating $300 million ($199 million in fiat, $101 million in crypto).
• Blockchain analysis: Carders often convert stolen funds into cryptocurrency through exchanges like Binance or Kraken. Tools like Chainalysis track these transactions, identifying the final recipients.
• AI and machine learning: Banks have used algorithms to identify fraud patterns, such as mass purchases on e-commerce platforms using stolen cards.

Results​

• Arrests: 3,500 suspects detained, including carders, phishing campaign organizers, and money mules. This is double the number of arrests in previous HAECHI operations.
• Seizures: $300 million seized, including funds related to carding.
• Cases:
  • The organizer of an illegal gambling website that used stolen cards for betting has been arrested in the Philippines.
  • A $42.3 million BEC attack was foiled in Singapore, leading to arrests in Timor-Leste.
  • A network that used fake banking apps to steal data has been dismantled in Korea.

An example of a carder circuit diagram as described in HAECHI IV​

1. Carders created a phishing website that imitated the mobile banking service of a major bank (for example, a Korean or European one).
2. They sent out SMS messages with a link to a website, convincing victims to enter their card details.
3. The stolen data was used to make online purchases or transfer money to fictitious accounts.
4. Funds were converted into cryptocurrency through VASPs.
5. Banks noticed anomalies (such as large numbers of small transactions) and reported the data to Interpol.
6. Cyber police tracked the IP addresses of phishing servers and blocked accounts through I-GRIP, leading to arrests.

Other operations against carders in 2023​

In addition to HAECHI IV, several operations also affected carders and demonstrated the importance of cooperation between banks and cyber police:

1. Operation NERVONE​

• Date: 2023.
• Participants: Interpol, the Ivory Coast cyber police, Group-IB, banks in Africa and Europe.
• Context: The OPERA1ER group (aka DESKWEB) attacked banks in 15 countries using phishing and malware to steal card and corporate account data. Damages were estimated at $11–30 million.
• Role of banks: Banks provided data on compromised accounts and helped track BEC attacks where fraudsters forged payment orders.
• Results: The arrest of a key member of the group in Côte d'Ivoire and the dismantling of the phishing infrastructure. This reduced OPERA1ER's activity, although the group remained a threat.

2. Africa Cyber Surge II​

• Date: April–August 2023.
• Participants: Interpol, AFRIPOL, African cyber police, banks of Nigeria and Mauritius.
• Context: Carders used phishing and money mules to withdraw funds from banking systems.
• Role of banks: Nigerian banks have identified accounts used for money laundering and handed over the data to cyber police.
• Results: 14 arrests, takedown of 20,674 malicious networks, including phishing sites for card theft.

3. Genesis Market Takedown​

• Date: April 2023.
• Participants: Interpol, FBI, Europol, banks of Australia, Canada, EU.
• Context: Genesis Market was the largest darknet marketplace, selling data from 80 million cards and accounts.
• Role of banks: Financial institutions coordinated through the Joint Policing Cybercrime Centre, providing data on transactions related to Genesis.
• Results: More than 100 arrests in 17 countries, market closure, server seizure.

How Banks and Cyber Police Collaborated to Achieve Success​

1. Real-time data exchange:
   • Banks used AML (Anti-Money Laundering) systems to identify suspicious transactions.
   • Cyber police used cyber forensics to analyze phishing servers and malware.
   • Platforms such as I-GRIP allowed for instant account freezing, reducing response times from days to hours.
2. International coordination:
   • Interpol and Europol ensured the exchange of information between countries, which is important because carders operate across borders.
   • Example: In HAECHI IV, data from Singapore banks helped arrest suspects in Timor-Leste.
3. Technologies:
   • Blockchain analysis revealed the carders' cryptocurrency wallets.
   • Banks' AI algorithms predicted fraudulent transactions with up to 95% accuracy.
   • Cyberpolice used OSINT (Open-Source Intelligence) to track carders' activity on the darknet.
4. Education and prevention:
   • Banks ran campaigns for customers educating them about avoiding phishing (for example, checking website URLs).
   • Cyberpolice has issued warnings about new carding schemes.

Lessons and Recommendations​

1. For banks:
   • Strengthen transaction monitoring with AI and machine learning.
   • Implement two-factor authentication (2FA) for all customers.
   • Collaborate with VASPs to track cryptocurrency transactions.
2. For cyber police:
   • Expand the use of tools such as I-GRIP for rapid response.
   • Strengthen employee training in blockchain and darknet analysis.
3. For users:
   • Check the authenticity of banking websites and applications.
   • Use 2FA and do not share card details.
   • Monitor your account statements regularly.

If you meant local operation​

If your question concerned a specific transaction in Russia, Ukraine, or another country, please provide more details (e.g., bank name, region, or date). In 2023, there were also cases of crackdowns on carders in the Russian-speaking world, such as the arrest of a group in Russia that used phishing to steal bank card data, but there are fewer details in open sources. I can further search web sources if needed.

Conclusion​

Operations like HAECHI IV have demonstrated that collaboration between banks and cyberpolice is key to combating carders. Banks provide financial intelligence, while cyberpolice provide technical expertise and international coordination. In 2023, this led to thousands of arrests and the confiscation of hundreds of millions of dollars. For educational purposes, it's important to understand that the success of such operations depends on technology (AI, blockchain analysis), rapid data exchange, and global cooperation.