Monday, March 7, 2005
Shadowcrew: Web Mobs - Cybercrime's Most Wanted
They operate under names such as Carderplanet, Stealthdivision, Darkprofits and the Shadowcrew. They buy and sell millions of credit card numbers, Social Security numbers and identification documents, typically for less than 10 bucks apiece. And they create sites and services to breed more skilled, like-minded organizations. Here's how the growth of electronic commerce is threatened by the operations of these Web Mobs.
Andrew Mantovani, David Appleyard, Brandon Monchamp and more than a dozen other members of the Shadowcrew were at work on their computers. Sure, it was 9 p.m. But their business—which, authorities say, was auctioning off stolen and counterfeit credit and identification cards—was booming.
In the past two years, the Shadowcrew's 4,000 members, according to the U.S. Secret Service, ran a worldwide marketplace in which 1.5 million credit card numbers, 18 million e-mail accounts, and scores of identification documents—everything from passports to driver's licenses to student IDs—were offered to the highest bidder.
Many of the credit card numbers sold on the site were subsequently used by Shadowcrew's customers, who had no intent of paying for what they bought. The result? More than $4 million in losses suffered by card issuers and banks, says the Secret Service, which is charged by the U.S. government with investigating counterfeiting, credit card fraud and computer crimes. If the Shadowcrew had gone unchecked, the losses would have totaled hundreds of millions of dollars, the agency says.
Shadowcrew is a Web mob, say law-enforcement officials: a highly organized group of criminals. Unlike the American Mafia or the Russian syndicates, however, these Web mobs work solely in the online world.
Members know each other by computer alias, interact with each other through the Internet, and commit their crimes in the darkness of cyberspace. The electronic marketplaces they establish to trade their illicit wares can be set up, and disbanded, with little more than keystrokes.
"They basically can pop up anytime and anywhere," says Secret Service Special Agent Larry Johnson.
In the last year, U.S. law-enforcement officials have publicly identified a half-dozen of these seemingly loose collections of thieves that have grown into multinational enterprises. The Secret Service says they operate under names such as Carderplanet, Stealthdivision and Darkprofits. Scott Christie, a former U.S. Attorney who initially prosecuted the Shadowcrew case, says he expects the number to grow.
In fact, these mobs are designed to foster more crime and criminals on the Web.
Much like La Cosa Nostra, members of Web mobs don't have to break into a bank to rob it. Instead, they provide a framework and services for criminals to trade in their chosen stock—stolen credit cards and identity documents. And their efforts, including the "commerce" sites where they trade in stolen "merchandise," will only accelerate what is already a thriving trade in numbers that are regarded on the Web as currency.
The amount of goods and services purchased with fraudulently obtained personal identification exceeded $52 billion in 2004, according to a release put out last month by the Federal Trade Commission. Businesses, from banks to online merchants—maybe even your company—bear much of the cost. But the initial, direct loss isn't the greatest threat posed by groups such as the Shadowcrew.
By promoting and facilitating credit card fraud and identity theft, these groups can shatter the online trust companies have established with their customers, says Howard Schmidt, the chief security strategist for eBay and a former cybersecurity adviser to the White House. That's because they destroy confidence in the Internet. "If McDonald's has well-lit restaurants and the best food and the best prices, but people get mugged in the parking lot, they won't go there," he says.
One of the most popular ways to steal credit card numbers and personal information is through "phishing" for it, using scam e-mails that draw unsuspecting recipients to Web sites where they're enticed to divulge personal financial data.
Consumers are becoming reluctant to enter their credit card numbers at retail sites, according to John Pescatore, a vice president at research firm Gartner, and are becoming extremely wary of responding to e-mails. They're resisting not just the requests from music or publishing companies pitching discounts, or travel companies pushing hotel or airline seat promotions, or utilities trying to establish online billing accounts. Pescatore also sees a lack of confidence in talking online with health-care providers and signing up for processes like electronic voting.
"People are beginning to mistrust Internet e-mail" altogether, says Pescatore, who's also a former Secret Service agent.
The Anti-Phishing Working Group, a nonprofit organization of corporations and government agencies trying to find ways to eliminate phishing, estimates some 75 million to 150 million scam-related e-mails are sent every day. Most originate from organized groups of cybercriminals, according to the group's chairman, David Jevans.
And that could decelerate the growth of electronic commerce.
In the past five years, Web commerce has grown 30%, according to International Data Corp., with consumers around the world spending more than $300 billion online last year.
But unless consumers' concerns about the safety of using their credit card numbers and other identification online are addressed, the rate of growth in the online economy could drop into single digits by 2007, Gartner figures.
The concerns are not misplaced. In just one incident last fall, data collector ChoicePoint says organized criminals accessed 144,778 consumer records, including credit reports and Social Security numbers. ChoicePoint says it has notified more than 700 people that identity information was compromised.
The growing threat of credit card and identity theft, says Edward M. Stroz, president of computer security firm Stroz Friedberg and a former agent with the Federal Bureau of Investigation, "is probably the single biggest risk to causing e-commerce to begin to dry up."
Cyber-Forensics: Following the Trail
The twentysomethings who make up the bulk of these groups are smart, technically savvy—and careful.
The Shadowcrew is said to have successfully evaded the law by hiding behind computer nicknames, or nics, such as BlackOps and Kingpin. They made sure to bounce their messages through more than one Web server. That made their communications harder to trace. As an added precaution, members also encrypted their electronic messages, scrambling the text so it couldn't be read by spies, i.e., the Secret Service or other law-enforcement agencies.
"They had this comfort level," says Johnson about the Shadowcrew, "thinking 'nobody would catch us.'"
But at 9 p.m. on Oct. 26, 2004, the Shadowcrew was in for a surprise...
(read the rest of this unbelievable article here) It's long, but worth it. Very informative.