On the Anniversary of Operation Firewall

As the federal law enforcement agency primarily tasked with protecting and securing the nation’s critical financial infrastructure, the Secret Service is marking the 17-year anniversary of Operation Firewall. The global investigation conducted in 2003-2004 was among the earliest large-scale cyber financial investigations and saw the takedown of several active criminal networks and the arrest of those responsible for stealing millions of credit card numbers, resulting in massive monetary losses estimated to exceed $100 million.

Operation Firewall began in July 2003 as an investigation into access device fraud. The case evolved into a highly technical, transnational investigation involving widespread global credit card fraud and the discovery of a brazen identity theft marketplace being conducted over the internet.

In the course of the investigation, the U.S. Secret Service Electronic Crimes Task Force and its law enforcement partners at every level successfully identified underground criminal groups known as Shadowcrew, Carderplanet and Darkprofits. These criminal organizations operated websites used to traffic counterfeit credit cards and false identification information and documents, not only sharing instructional information on how to commit fraud, but also providing a forum, or marketplace, through which to purchase such information and tools online. 

The groups also employed cyber techniques such as phishing and spamming to illegally obtain credit and bank card information, using that stolen information to purchase merchandise online, which would then be sent to a drop, or mailing address, specifically set up to receive the stolen goods. Members sent and received payment for illicit merchandise and services via Western Union money transfers and digital currencies such as E-Gold and Web Money.

Operation Firewall case agents immersed themselves in the investigation, working their sources every day for the better part of a year, building trust and curating effective, long-term relationships with banks and other financial institutions and making undercover purchases of compromised information needed to make the case.  

In addition to credit card information, the criminal networks targeted in Operation Firewall illegally acquired approximately 18 million email accounts along with associated usernames, passwords, dates of birth, and other personally identifying information - approximately 60,000 of which included first and last name, gender, address, city, state, country and telephone number.

Beginning in early 2004, data obtained through court-authorized intercepts revealed internal communications, transactions and practices of the previously identified groups and other criminal organizations. The amount of information gathered during the investigation was approximately two terabytes, or the equivalent of an entire university's academic library. In receiving the authorization, the Secret Service became the first agency to execute a Title III wiretap on an entire computer network.

In a press release issued at the time of the arrests, Secret Service Director W. Ralph Basham acknowledged the Newark Field Office for its lead role in the case, which included investigators from nearly thirty domestic and foreign Secret Service offices and their many global law enforcement counterparts. Their efforts, he said, “prevented potentially hundreds of millions of dollars in loss to the financial and hi-tech communities.”

The groundbreaking investigation resulted in significant disruption of cybercriminal activity targeting the financial infrastructure of the United States. At the time of the arrests, authorities estimated that losses to the industry would have reached hundreds of millions of dollars had this criminal enterprise not been detected and disrupted. In all, 28 of its members would be arrested in eight states and six foreign countries.