Accused PII seller faces jail for running underground fraud op – Source: go.theregister.com

A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud.

Chouby Charleron is alleged to be behind the online alias of “The Real Jwet King,” and a complaint filed in a New Jersey district court and unsealed yesterday claims he ran a TLO service via an online chat group where criminals exchanged the personally identifiable information (PII) of victims for small digital payments.

An underground TLO service is based on the idea and branding of TLOxp, the proprietary background checker tool owned by credit reporter TransUnion and typically used by law enforcement agencies, insurance companies, and the like, for digging up information on a specific person.

TLO lookups can reveal data including social security numbers (SSNs), phone numbers, and dates of birth – the holy trinity for criminals looking to defraud victims of their financial security.

The Register approached TransUnion for a statement but it did not respond.

The charges were brought against Charleron by the United States Postal Service (USPS), whose investigators claim they found that he didn’t even think to use a VPN when administering the group. 

A review of the searches for PII records revealed the associated IP addresses with those searches led to Charleron’s home address in Laurel, Maryland, according to the complaint.

The filing claims customers would approach Charleron with a name and home address, plus a payment in the region of $25 sent either via cryptocurrency or other digital means, and in return they would receive the PII necessary to take out credit cards in a victim’s name.

It’s unclear if the accused and his alleged co-conspirators used TLOxp itself, or had their own system of aggregating the data their clients sought, or both, but the collection of customers – 799 of them at the operation’s peak – were all contacted via a group chat through what court documents describe as an unspecified encrypted messaging app.

The only hit for “The Real Jwet King” on the main culprits for these types of crimes was Telegram, with one user brandishing the handle, although the account’s “last seen” status was “a long time ago.”

This may be explained by the complaint’s estimated timeline of Charleron’s administration of the TLO service, which the filing claims ran from at least February 2020 to around May 2023.

The group was called “TLO Lookup Ups” and a global search of Telegram revealed multiple groups claiming to offer similar services.

During the period Charleron allegedly ran the service, he is said to have sold the PII belonging to more than 5,000 individuals, with criminals later using it to spend tens of thousands of dollars of their victims’ money.

In one March 2022 case that appeared in the court docs, a member of the customer network sent across five names and addresses, and the following day the requisite payment of $119.64. Three minutes after the payment was made, the PII for all five individuals was sent to the customer. That PII was then used to activate credit cards in the victims’ names via a phone call with their bank. 

The criminal in question activated multiple credit cards for many victims over the course of nearly a year, between July 2021 and May 2022, racking up more than $90,000 in illegal charges. At least 80 of the victims are alleged to have been supplied to them by Charleron, according to the unsealed criminal complaint [PDF].

In 2020, the same customer is also thought to have stolen a letter from an intended target, sent by a financial institution, containing an unactivated credit card. The complaint claims a picture of the letter was sent to Charleron, and claims he then supplied the PII required to activate it.

A second customer’s case presented to the court alleges that Charleron was able to supply data to tight deadlines. In the case, the customer asked for the PII, stating that the banks close in 28 minutes and Charleron supplied the required PII in 21 minutes, the complaint claims.

• DC elections agency warns entire voting roll may have been stolen
• Cybercrim claims fresh 23andMe batch takes leaked records to 5 million
• Ex-Navy IT manager gets 5 years in slammer for 2018 database heist
• Leak of 75k employee records was insiders’ fault, claims Tesla

Discounts were also supplied on occasion. Within a two-week period in 2022, Charleron is alleged to have sent a message to the group advertising a three-for-$100 offer – a price higher than the average $25 because it also included driving licenses. A week later, another deal was advertised offering records for $20, not including driving licenses.

Filed on January 19, an arrest warrant [PDF] is currently out for Charleron and it’s unknown if he’s yet in custody.

A single count of conspiracy to commit wire fraud is a class C felony, punishable by a maximum prison sentence of 20 years, three years of supervised release, and $250,000 in fines. ®