Thirty-six people have been charged for their alleged involvement in running a cyber-crime service responsible for more than $530m (£381m) of losses.
The Infraud Organisation is said to have dealt in stolen credit cards and passwords and engaged in bank fraud and ID theft.
As of March 2017, its dark-web-based service’s discussion forum is said to have had 10,901 registered members.
The US Department of Justice said 13 of the suspects were now in custody.
They include UK-based Anthony Nnamdi Okeakpu, who is alleged to have joined in December 2010 and have used the nickname “moneymafia”.
Other defendants include Svyatoslav Bondarenko, a Ukranian accused of having created Infraud in October 2010.
Five apprehended defendants were based in the US while others came from France, Canada, Pakistan, Russia Egypt, Italy and Macedonia among other countries.
“As alleged in the indictment, Infraud operated like a business to facilitate cyber-fraud on a global scale,” said acting assistant attorney general John Cronan of the Justice Department’s Criminal Division.
“Its members allegedly caused more than $530m in actual losses to consumers, businesses, and financial institutions alike – and it is alleged that the losses they intended to cause amounted to more than $2.2bn.”
Affected businesses were said to have included HSBC bank and PayPal.
The US authorities said they were now attempting to extradite eight of the suspects being held overseas.
The indictment says that Infraud’s administrators had aimed to run the “premier online destination for the purchase and sale of stolen property” and had used the slogan “In Fraud We Trust” to promote it.
Its activities are alleged to have included:
- the sale and purchase of stolen dates of birth, addresses, passwords, social security numbers, payment card details and other personally identifying information
- the ability to advertise other sites that featured automated stores for stolen property
- the sharing and sale of malware
- the provision of forums and chat rooms to discuss illegal activities
At one point in 2011, one of the accused is said to have indicated he had 795,000 UK logins to HSBC bank available for sale.
Two years later, another is alleged to have advertised 1,300 compromised PayPal account IDs.
Other specific accusations include adverts for Visa, Mastercard and American Express credit card numbers.
And one member is said to have offered to fraudulently book flights, rental cars and seats at US concerts and sporting events at a fraction of their actual price.
Members are said to have given feedback ratings to each other to help maintain the quality of contraband sold via the service.
Proceeds were said to have been laundered via digital currencies including Bitcoin and the defunct service Liberty Reserve.
In an effort to evade arrest, members are alleged to have avoided sharing their real identities with each other, and instead used nicknames including “Mae Tony”, “Poony” and “Hulk”.
“The criminals involved in such schemes may think they can escape detection by hiding behind their computer screens here and overseas,” said Derek Benner, of Homeland Security Investigations.
“But as this case shows, cyber-space is not a refuge from justice.”