Credit card 'info for sale' websites closed in global raids
Dozens of websites offering credit card details and other private information for sale have been taken down in a global police operation.
Britain's Serious Organised Crime Agency (Soca) says raids in Australia, Europe, the UK and US are the culmination of two years of work.
Credit card numbers or bank account details of millions of unsuspecting victims were sold for as little as £2.
Two Britons and a man from Macedonia were arrested, with 36 sites shut down.
Some of the websites have been under observation for two years.
During that period the details of about two-and-a-half million credit cards were recovered - preventing fraud, according to industry calculations, of at least £0.5bn.
Lee Miles, the head of Soca's cyber crime unit, told the BBC that criminals were now selling personal data on an "industrial" scale.
Police fighting cyber crime can find themselves battling not just the criminals but also, on occasion, the internet service providers.
Not surprisingly, criminal gangs try to recruit the smartest hackers or code-writers to both steal data from unsuspecting internet users, and make their own websites as secure and hard to trace as possible.
But many senior figures at the big internet service providers and domain name registration companies are traditionally anti-establishment and can be suspicious of police interference. They are often reluctant to agree to anything that could be perceived as curtailing the freedom of the web, such as preventing anonymous domain registrations.
Soca officers and their counterparts at Interpol, the FBI and at other law enforcement agencies around the world, say they have been working hard to "influence" the industry, and they are hoping that those efforts will lead to changes that could make their job easier in future.
Without the help of the industry, or a massive investment in law enforcement, it will be increasingly hard to keep track of the millions of items of illegal data being traded in cyberspace.
He said: "Criminals are turning over vast volumes of these cards. We must match the criminals - it's an arms race.
"They are industrialising their processes and likewise we have to industrialise our processes to match them."
Mr Miles said traditional "bedroom" hackers were being recruited by criminal gangs to write the malware or "phishing" software that steals personal information.
Other IT experts are used to write the computer code that enables the websites to cope, automatically, with selling the huge amounts of data.
"I'd rather arrest 10 code writers than 1,000 front-end fraudsters," he said.
Joint operations on Thursday in Australia, the US, Britain, Germany, the Netherlands, Ukraine, Romania and Macedonia led to the websites being closed down.
A 23-year-old man in Stechford, Birmingham, and a 27-year-old man in Tottenham, north London, have been arrested, along with the man in Macedonia.
More arrests are expected.
Soca is also calling on internet service providers to stop individuals registering websites anonymously.
Automated computer programs can register thousands of similar, but different domain names, and it can be difficult to trace them back to their owner.
"Where individuals register domain names for criminal purposes there is a very loose 'know your customer' regime among the website providers," Mr Miles said.
"What we are trying to do is influence the industry to introduce more secure systems so they do know who is registering these sites and they have a more comprehensive customer database, and do more aimed at preventing criminals buying websites and using them for criminal ends," he added.
The BBC's Ben Ando said that, privately, officers admitted that it could be frustrating dealing with internet companies who were not used to being policed and were reluctant to agree to anything that they perceived to be an infringement of their freedoms.