U.S. Department of Justice

11/20/2024 | Press release | Distributed by Public on 11/20/2024 16:01

Justice Department Seizes Cybercrime Website and Charges Its Administrators

The Justice Department today announced the seizure of PopeyeTools, an illicit website and marketplace dedicated to selling stolen credit cards and other tools for carrying out cybercrime and fraud, and unsealed criminal charges against three PopeyeTools administrators: Abdul Ghaffar, 25, of Pakistan; Abdul Sami, 35, of Pakistan; and Javed Mirza, 37, of Afghanistan.

According to a criminal complaint unsealed today, Ghaffar, Sami, and Mirza are charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person for the purposes of offering access devices, arising from their roles as administrators of the PopeyeTools website.

As part of the actions announced today, the United States obtained judicial authorization to seize the domains www.PopeyeTools.com, www.PopeyeTools.uk, and www.PopeyeTools.to, which long hosted and facilitated access to the PopeyeTools website. According to the affidavit filed in support of these seizures, since in or around 2016, PopeyeTools served as a significant online marketplace dedicated to selling sensitive financial data and other illicit goods and tools of cybercrime to thousands of users around the world, including users associated with ransomware activity. Some of the stolen information included bank account, credit card, and debit card numbers and associated information for conducting transactions. Since its inception, PopeyeTools has offered for sale the access devices and personally identifiable information (PII) of at least 227,000 individuals and generated at least $1.7 million in revenue.

"As alleged, Ghaffar, Sami, and Mirza founded and ran a longstanding online marketplace that sold illicit goods and services for use in committing cybercrimes, including ransomware attacks and financial frauds," said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department's Criminal Division. "Today's announcement of the takedown of the PopeyeTools domains, the criminal charges against its operators, and the seizure of cryptocurrency is yet another example of the department's 'all-tools' approach to combatting cybercrime. Working with our domestic and international partners, the Criminal Division is committed to disrupting illicit enterprises through every available means, including by taking over their websites, charging culpable individuals, and seizing their illicit proceeds."

"Cybercrime knows no boundaries," said U.S. Attorney Trini E. Ross for the Western District of New York. "I continue to commend the work of our federal law enforcement partners, who joined forces with law enforcement across the globe, to disrupt this illicit marketplace. The perpetrators of this illegal marketplace allegedly sold the credit card information and personally identifiable information of hundreds of thousands of victims, some who live in western New York. Because of the incredible work of law enforcement, this illegal website has been seized and taken down so no one else can be victimized."

"Yesterday's operation and dismantling of PopeyeTools is a direct result of the FBI's dedication to weaken cybercrime," said Special Agent in Charge Matthew Miraglia of the FBI Buffalo Field Office. "This takedown is a significant example of the FBI's technical capabilities, as well as our strong relationships with our international partners to protect people from cybercriminals operating these types of online marketplaces."

According to court documents, the PopeyeTools marketplace's motto was "We Believe in Quality Not Quantity," and the website made a name for itself by allegedly selling stolen access devices and other illicit goods and services that were valid and thereby suited to committing financial fraud. For instance, the "Live Fullz" section offered unauthorized payment card data and PII for cards that were marketed as "live" - i.e., could be used to conduct fraudulent transactions - at a price of approximately $30 per card. Other sections included "Fresh Bank Logs," which offered logs of stolen bank account information, "Fresh Leads" or email spam lists, "Scam pages," and "Guides and Tutorials."

To attract members to the marketplace, PopeyeTools allegedly promised to refund or replace purchased credit cards that were no longer valid at the time of sale. In addition, at different times, PopeyeTools provided customers with access to services that could be used to check the validity of bank account, credit card, or debit card numbers offered through the website.

As part of the actions announced today, the United States also obtained judicial authorization to seize approximately $283,000 worth of cryptocurrencies from a cryptocurrency account controlled by Sami.

If convicted, Ghaffar, Sami, and Mirza face a maximum penalty of 10 years in prison on each of the three access device offenses. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI Buffalo Field Office investigated the case.

The Justice Department's Office of International Affairs provided assistance. The Justice Department appreciates the significant assistance provided by law enforcement partners in the United Kingdom and Malaysia.

Senior Counsel Aarash A. Haghighat of the Criminal Division's Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Paul Bonanno for the Western District of New York are prosecuting the case. Assistant U.S. Attorney Elizabeth Palma for the Western District of New York also assisted with the announced seizures.

A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.