Madison Square Garden admits hackers harvested customer credit card data for a year
Djevair Ametovski pleaded guilty to fraud and identity theft and faces 17 years in prison iStock

A Macedonian citizen has pleaded guilty on Friday (25 August) to running a sophisticated nefarious website called Codeshop to sell stolen credit and debit card data, bank account details and personal identification data of people from around the world, US prosecutors said. Djevair Ametovski, who goes by the online pseudonyms "xhevo," "sindrom" and "sindromx", allegedly worked with co-conspirators to hack into the databases of financial institutions and businesses globally to steal victims' personal data.

He also used various phishing scams to send fake emails to unsuspecting account holders and lured them into handing over their private information. Ametovski then packaged the stolen data for sale and posted it on the Codeshop website.

Prosecutors said the illegal online global marketplace featured a fully indexed and searchable website that "allowed users to search through databases of stolen data by bank identification number, financial institution, country, state and card brand to find the precise data that they wished to buy".

Clients who bought data on the website generally used it to make online purchases and encode plastic cards to withdraw cash at ATMs, according to court papers.

To conceal his customers' identities, as well as his own, Ametovski used a network of online money exchanges and anonymous digital currencies to reap the revenues.

The one-stop "carding shop" was run online from 2010 to 2014. The 30-year-old stole credit and debit card data for more than 1.3 million cards over the course of the illegal cyber scheme, officials said, resulting in millions of dollars in losses for tens of thousands of people.

Ametovski was arrested in Ljubljana, Slovenia, in January 2014, and was later extradited to the US in May last year. He pleaded guilty to fraud and identity theft at a federal courthouse in Brooklyn and faces up to 17 years in prison.

"Cybercriminals such as the defendant profit directly from the mass hacking of online businesses and theft of personal and financial information, and provide a platform for others to do the same," Acting United States Attorney Rohde siad in a statement. "This Office, together with our law enforcement partners, will work tirelessly to shut down these illegal businesses and hold their operators accountable for their crimes."