One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia.But such restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive stolen goods and relay them to crooks living in the embargoed areas.

Services like SWAT are known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and even cash bonuses. In reality, the crooks in charge almost always stop communicating with drops just before the first payday, usually about a month after the drop ships their first package….

The information leaked from SWAT also has exposed the real-life identity and financial dealings of its principal owner — Fearlless, a.k.a. “SwatVerified.” We’ll hear more about Fearlless in Part II of this story. Stay tuned.

“…In the debate about data privacy and harms to Americans, however, one issue has not received adequate attention by the press or in policy conversations relative to the severity and volume of harm: the link between publicly available information and stalking and gendered violence. For decades, “people search” data brokers have compiled profiles on millions of people—including their family members, contact information, and home addresses—and published them online for search and sale. It could cost as low as $0.95 per record—or $3.40/search, for a monthly fee—to buy one of these dossiers. In turn, for decades, abusive individuals have bought this data and used it to hunt down and stalk, harass, intimidate, assault, and even murder other people. The harms of stalking and gendered violence fall predominantly on women as well as members of the LGBTQIA+ community.  This matters for the privacy debate because many so-called people search websites get this data by scraping public records, from voting registries to property filings. Yet this information is completely exempted from many state privacy laws because it is considered “publicly available information.” One prominent line of argument suggests that since the information is already out there, a company that aggregates it, digitizes it, and links it to profiles of specific individuals makes no difference.[…]

We know from our daily work that countries are influenced by the legal and policy approaches that are taken by other countries to different issues. For example, governments have considered, or are considering, developments in other jurisdictions in relation to the regulation of artificial intelligence and cryptocurrency. Sometimes, there are international agreements that are implemented into national laws. There are also “soft law” instruments, such as guidelines, recommendations, and standards, which might set out best practices that countries can choose to follow in their own policies, or even reference or implement in their legislation. Approaches can evolve based on a combination of all of these external influences, as well as in response to particular challenges or conditions within a country, historical, cultural, and economic factors, and the structure of governments and legal systems themselves.

For a recent report, we looked at whether and how the laws and policies of selected countries may have been influenced by a particular document – the “Cybersecurity Framework” developed by the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce. This framework is “voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.”

In particular, we surveyed countries where the language is one of those into which the framework has been translated – Belgium, Brazil, Bulgaria, Chile, Indonesia, Japan, Mexico, Poland, Saudi Arabia, and Ukraine.

…