The FBI orchestrated a two-year cybercrime sting that resulted in 24 arrests, with some alleged hackers facing more than 20 years in prison for allegedly profiting from stolen information such as credit card and bank account numbers, law enforcement authorities announced today.

The U.S attorney’s office in Manhattan and the FBI announced the arrests and provided details of the sting operation, which involved FBI agents posing as hackers while the bureau set up a fake “carding” forum, according to the press release (see the full release below). Carding is the term for crimes associated with exploiting stolen personal information for profit. The forums helped “carders” communicate and, in some cases, find mailing addresses — usually empty apartments or houses — for products purchased with stolen credit-card data.

While the sting netted 24 arrests across eight countries, authorities only shared the charges of 12 alleged hackers. These individuals were charged with several counts of fraud, including selling personal data, using stolen information to purchase or obtain products, and selling tools to aid hackers in stealing information.

The FBI claims it prevented 400,000 potential cybercrimes via this operation.

These three alleged hackers face the heaviest sentences:

Ali Hassan, aka “Badoo,” faces charges that carry a total maximum sentence of 37 years for selling credit card information — some of which reportedly came from hacking an online hotel booking site. The credit card information, described as “fulls,” by hackers, included cardholder name, address, social security number, birth date mother’s maiden name, and bank account information. Hassan, 22, is a resident of Milan, Italy.

Mark Caparelli, aka “Cubby,” who faces charges that carry a maximum of 30 years total. Capparelli, 20, of San Diego, Calif., reportedly used stolen credit cards and Apple product serial numbers to get replacement products under defective product claims. A credit card is required in case the defective product isn’t mailed back to Apple. Using this technique Capparelli allegedly sold and shipped four iPhone 4 devices to an undercover FBI agent.

Michael Houge, aka “xVisceral,” allegedly sold malware, including remote access tools (RATs) that allowed users to take over and remotely control an infected computer. Houge’s alleged RAT gave users the ability to turn on Web cams and record keystrokes. According to the release, Houge, a 21-year-old Arizona resident, sold the tool for $50 a pop and bragged about infecting between 50 to 100 computers himself and selling the RAT to others who infected thousands of computers. His charges carry a maximum of 20 years total.

Read more