Two Iranian Nationals Charged in Credit Card Fraud and Computer Hacking Conspiracy

A superseding indictment was unsealed today charging Arash Amiri Abedian, 31, and Danial Jeloudar, 27, with aggravated identity theft; wire fraud; and criminal conspiracy and other charges relating to access device fraud, unauthorized access to, and theft of information from, computers, and threatening to damage a computer.

Acting Assistant Attorney General for National Security Dana J. Boente, U.S. Attorney Beth Drake of the District of South Carolina, Assistant Director Scott Smith of the FBI’s Cyber Division and Special Agent in Charge Alphonso Norris of the FBI’s Columbia, South Carolina Field Office made the announcement.

According to the allegations in the superseding indictment filed in Columbia, South Carolina, beginning in or around October 2007, Abedian and Jeloudar, residing in the Islamic Republic of Iran, conspired together to violate multiple U.S. criminal statutes.  Specifically, the indictment alleges they obtained stolen credit card numbers and related personal information by hacking and otherwise, and used that information to fraudulently and by extortion obtain money, goods and services from U.S.-based and foreign victims.

As part of the conspiracy, between 2011 and 2016, Abedian used malicious software, or “malware,” to capture the credit card and other personal information of individuals who had transacted with certain merchants’ websites.  Abedian then used that information to commit identity theft and to obtain goods and services by fraud, and, on some occasions, Abedian then transmitted the stolen information to Jeloudar.  For example, on or about Feb. 21, 2012, Abedian sent Jeloudar approximately 30,000 names and numbers, which he said were unauthorized credit card numbers and associated information.  As part of the conspiracy, in or around March 2012 and April 2012, Jeloudar ordered and obtained various equipment, servers, and internet hosting services from a provider in South Carolina using stolen credit card numbers and other personal identifiers.

The superseding indictment further alleges that, in January 2017, Jeloudar contacted a California-based online merchant and threatened to disclose its customers’ credit card numbers and other related information previously obtained by hacking the merchant‘s website, unless it made a Bitcoin payment to Jeloudar.  Jeloudar also threatened to disclose to the company’s customers that their private information had been compromised and launched a denial-of-service attack on the company’s website.

The charges in the indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.

The FBI’s Columbia, South Carolina Cyber Squad investigated the case.  The case is being prosecuted by Assistant U.S. Attorney Eric Klumb of the District of South Carolina and Trial Attorney Heather Alpino of the National Security Division’s Counterintelligence and Export Control Section.