D.A. Vance Announces Extradition and Indictment of Member of Western Express Cybercrime Group

Manhattan District Attorney Cyrus R. Vance, Jr. announced the extradition of EGOR SHEVELEV, a Ukrainian national, from Greece for a cybercrime and identity theft scheme involving global trafficking in stolen credit card account numbers. SHEVELEV was arraigned today on charges of Enterprise Corruption, Grand Larceny, Criminal Possession of Stolen Property, Money Laundering, Attempted Criminal Possession of Stolen Property, Scheme to Defraud, and Conspiracy. [1] The crimes charged in the indictment occurred between November 2001 and August 2007.

 

“The extradition and indictment of this defendant bring us a step closer to apprehending the members of an international identity theft ring,” said District Attorney Vance. “This Office is committed to shutting down criminal operations that traffic in stolen information used to steal identities and illegally acquire money.”

 

According to the indictment and documents filed publicly with the court, defendant EGOR SHEVELEV, a/k/a “Eskalibur,” a/k/a “Esk,” was a vendor of stolen credit card account numbers and related information, including account holder names and expiration dates. SHEVELEV sold the stolen information to buyers, often receiving funds through Egold digital currency. The buyers used this information for the purpose of committing larcenies and identity theft. SHEVELEV used the services of money movers such as Western Express International, Inc. to move, conceal and layer his digital currency criminal proceeds. Specifically, SHEVELEV used Western Express to launder and convert over $600,000 in Egold digital currency criminal proceeds into Webmoney digital currency. SHEVELEV possessed over 75,000 stolen credit card account numbers and more than $2,500,000 in fraud was identified on just a small portion of these 75,000 stolen credit card account numbers.  

 

SHEVELEV was apprehended by Greek law enforcement authorities on May 10, 2008 while vacationing in Greece, following an international arrest request issued in connection with this case. Shortly afterwards, Ukraine authorities executed a search warrant at the defendant’s residence in Kiev. SHEVELEV was held by Greek authorities pending extradition to New York State, which occurred on July 2, 2010.

 

Today’s announcement marks the fourth major phase in a joint five-year investigation by the District Attorney’s Cybercrime and Identity Theft Bureau and the United States Secret Service. In total, the 173-count indictment charges seventeen individuals and one corporation. The indictment initially was announced in November 2007 in conjunction with the arrest of several defendants in the United States. At that time, the indictment remained sealed as to five defendants who resided in other countries, and whom law enforcement authorities were working to apprehend. In August 2009, the District Attorney’s Office announced the extradition of VIATCHESLAV VASILYEV and VLADIMIR KRAMARENKO from the Czech Republic, along with the unsealing of the indictment as to three additional co-defendants: SHEVELEV, DZMITRY BURAK, and OLEG KOVELIN.

 

The indictment charges that from 2001 through 2007, the defendants participated in a multi-national, Internet-based criminal enterprise, known as the “Western Express Cybercrime Group” for the purpose of the indictment. This enterprise was dedicated to trafficking in stolen credit card numbers and other personal identifiers. The group garnered millions of dollars in illicit profits from the sale and fraudulent use of this personal data, with some members of the enterprise laundering these profits in a variety of high-tech ways. At the hub of this group was Western Express International, Inc., a corporation based in Manhattan that coordinated and facilitated the Internet payment methods used by the criminal enterprise to purchase the stolen information, and laundered the criminal proceeds earned.

 

According to the indictment and documents filed publicly in court, the Western Express Cybercrime Group carried out its criminal operations through a configuration of vendors, buyers, cybercrime services providers and money movers. Those involved in the Western Express Cybercrime Group interacted and communicated through carding web sites – that is, web sites devoted to trafficking in stolen credit card and personal identifying information. They relied on the use of nicknames, false identities, anonymous instant messenger accounts, anonymous email accounts, and anonymous digital currency accounts to conceal the existence and purpose of the criminal enterprise, to avoid detection by law enforcement and regulatory agencies, and to maintain their anonymity.