Marking an important moment in an investigation that started last May, the Civil Guard in Murcia, Spain arrested two key players of an identity fraud ring. The investigation took place under the name “Operation Darkweb” (not to be confused with an ongoing drug investigation in Spain). It homed in on two men who participated in a network of fraudulent activity, often related to telephones.
In May, the Civil Guard arrested another member of this fraud network—although, at the time, the connection to a much larger criminal organization was not known. During a search of the suspect’s computer, authorities found a massive collection of what appeared to be stolen identities. Not everything found was a complete stolen identity; the owner stored lists of names and addresses, but also stored files that contained a full set of identification documents.
Among those documents were passports and the identity cards of unknown foreigners. Some of the hidden files on the computer contained names, unspecified ID numbers, postal information, and banking data. After a few months filled with investigation, authorities discovered that most of the names lined up with people who had fallen victim to several types of digital scams.
The scams, according to the Civil Guard, started years ago. The names in the lists were from people who confirmed falling for scams or having their identity stolen in general. Authorities first noticed that the vast majority of the identity information matched information in data dumps sold on the darknet.
Officials eventually determined that the ring consisted of three different tiers of operatives. At the top were people who scoured the internet for stolen information. On the clearnet, data dumps pop up constantly and the first-tier fraudsters used that information. But, the authorities said, the network used the darknet more often than not. The personal information came from forums or darknet marketplaces.
From there, they turned any useable pieces of personal information into complete “identities.” This method is frequently used online for either personal use or reselling on darknet marketplaces. Small bits of information—linked to a specific name, for instance—are pulled from various data dumps. This is repeated until enough information comes along to effectively assume this identity. Sometimes only one source of information is needed.
This ring moved to online activity, but the ID farming initially occurred over the phone. Phones, incidentally, became the centerpiece of the ring’s most frequently performed method of fraud. That was the point where the second “tier” or group made their move. According to the Civil Guard, the fraudsters then purchased phone service under a fraudulent identity. Then, using that phone service, they ordered a “well-known brand” of phones, “priced around a thousand euros.”
After collection, the phones sold rapidly throughout Spain and other countries. The collection of the phones, authorities said, was assigned to the third group of people inside the criminal network. Since stolen customer data was used to create phone plans and therefore did not necessarily match a desired drop point, each “customer” had the phones shipped to a location under the customer’s name or credit card. The third group travelled to that location and used the fake identity documents as proof of ownership.
Authorities captured the two suspects as they were headed to pick up a package. Both men—a 25-year-old and a 36-year-old—travelled from Valencia to Jumilla with fake identity documents. The Civil Guard arrested them in Jumilla where both suspects await a trial for fraud, ID forgery, and identity theft.