A former member of the ShadowCrime cybercrime forum has been extradited to the United States to face trial on charges of conspiring, transferring false identity documents and offering access to devices without authentication, the New Jersey district attorney said today.
Bulgarian national Aleksi Kolarov, also known as APK, has been under arrest in Paraguay for the last two years and landed in the United States on Friday last week.
The 30 year old was apprehended in the Paraguayan capital Asunción with large amounts of cash in multiple currencies and also a money card magnetic strip writer, US authorities said.
Kolarov was one of approximately 4,000 participants from all over the world in the ShadowCrew forum, which was started in 2002 by college student Andrew "D3ck" Mantovani and retired mortgage broker David "BlackOps" Appleyard.
ShadowCrew aimed to become an eBay-style market for stolen data and counterfeited identification documents and provided hacking how-tos and other hints and tips on how to commit digital fraud and crime.
Kolarov sold counterfeit British passports and traveller's cheques on ShadowCrew, according to US authorities.
The forum ran until 2004 when the US Secret Service busted it as part of Operation Firewall, after ShadowCrew member Albert "CumbaJohnny" Gonzalez was arrested and became a government informant.
As part of the investigation, 21 people were arrested, 19 of which, Kolarov and founders Mantovani and Appleby included, were indicted [PDF] for "carding" and other cybercrime activities.
US authorities claimed the trafficking of some 1.7 million credit cards caused losses in excess of US$4 million.
Gonzalez was not prosecuted for ShadowCrew activities and continued to work for the Secret Service as a salaried informant until he was arrested again in 2008 for eavesdropping of corporate networks and through that, stealing details of thousands of payment cards, resulting in at least US$600,000 in fraudulent charges.
A year later, Gonzalez was accused of breaking into computer systems belonging to a payments provider, and ATMs in what was then thought to be the largest ever theft of credit card numbers, with US authorities claiming 130 million were purloined.
Gonzales received two concurrent twenty-year prison sentences for his role in the hacking and is scheduled to be released towards the end of 2025 when he will be aged 44.