CloudSEK, a leading cybersecurity firm, has exposed a sophisticated China-based operation selling high-quality counterfeit U.S. and Canadian driver’s licenses and Social Security Number (SSN) cards, posing a severe threat to national security, financial systems, and public trust.
The investigation, conducted by CloudSEK’s STRIKE team, uncovered a sprawling network of 83+ interconnected domains supported by 24/7 WeChat customer support, custom order flows, and multiple payment channels. Analysis of the exfiltrated database revealed over 6,500 counterfeit licenses sold to 4,500+ buyers, generating more than $785,000 in revenue.
A Hidden Threat Undermining Trust
Counterfeit IDs aren’t just tools for underage drinking—they enable serious crimes, including illegal firearm purchases, SIM-swap fraud, large-scale logistics misuse, and even election interference. CloudSEK researchers confirmed that the IDs, priced as low as $65 in bulk, are fully scannable and replicate advanced security features such as holograms, UV markings, laser engraving, and relief printing, making them nearly indistinguishable from genuine documents.
“This isn’t just about fake IDs – this is about a systematic attack on the foundation of trust that underpins our financial, legal, and civic systems,” said Sourajeet Majumder, security researcher at CloudSEK STRIKE. “When a single counterfeit license can enable unauthorized drivers, bypass compliance checks, or facilitate smuggling, we’re looking at a genuine national security threat.”
Sophisticated Operations
The threat actor demonstrated remarkable sophistication:
- Shell E-commerce Sites: Transactions were routed through fake online stores (clothing, shoes, accessories) to mask payments via PayPal, LianLian Pay, and cryptocurrencies.
- Covert Packaging: IDs were shipped globally via FedEx, USPS, DHL, and Canada Post, hidden inside toys, purses, or layered cardboard with camouflage stickers to evade detection. Tutorial videos guided buyers on retrieving concealed IDs.
- Systemic Misuse: One buyer linked to two trucking companies with revoked U.S. operating authorities purchased 42 counterfeit commercial driver’s licenses—highlighting risks to transportation safety and regulatory integrity.
- High-Confidence Attribution: Through HUMINT and OSINT, CloudSEK pinpointed the actor’s exact geolocation in Xiamen, Fujian, China and obtained a facial image via webcam capture.
Key Findings
- Massive Scale: Over 6,500 fake IDs sold, with dense clusters of buyers in New York, Pennsylvania, Florida, Georgia, Ontario, and British Columbia.
- Financial Footprint: $785,000+ generated through PayPal, LianLian Pay, Bitcoin, Ethereum, and Western Union.
- Age Analysis: Nearly 60% of buyers were above 25 years old, signaling intentions beyond casual misuse.
- Marketing Tactics: The network promoted IDs via Meta Ads, TikTok, Telegram, and YouTube, openly advertising uses like passing police checks, renting cars, or accessing benefits.
Real-World Consequences
The implications are far-reaching:
- National Security: Fake IDs can bypass airport, border, and law enforcement checks.
- Financial Fraud: Scannable IDs enable SIM swaps and account takeovers.
- Election Integrity: IDs can be exploited for mail-in ballot and voter registration fraud.
- Logistics & Trafficking Risks: Fake commercial driver’s licenses allow unlicensed operators to bypass U.S. Department of Transportation checks.
A Call to Action
CloudSEK urges urgent global action:
- Law Enforcement: Seize the 83+ domains and pursue legal action using attribution evidence.
- Courier Vigilance: Alert FedEx, USPS, and DHL to the covert packaging tactics.
- Payment Processors: Trace and freeze illicit accounts across PayPal, Western Union, and crypto platforms.
- Continuous Monitoring: Deploy threat intelligence platforms like CloudSEK’s XVigil for proactive detection.
For More Information, Read The Full Report
Like this:
Like Loading...
Related
This entry was posted on September 18, 2025 at 4:13 pm and is filed under Commentary with tags CloudSEK. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
CloudSEK Exposes China-Linked Counterfeit ID Operation Flooding North America with Fake Licenses
CloudSEK, a leading cybersecurity firm, has exposed a sophisticated China-based operation selling high-quality counterfeit U.S. and Canadian driver’s licenses and Social Security Number (SSN) cards, posing a severe threat to national security, financial systems, and public trust.
The investigation, conducted by CloudSEK’s STRIKE team, uncovered a sprawling network of 83+ interconnected domains supported by 24/7 WeChat customer support, custom order flows, and multiple payment channels. Analysis of the exfiltrated database revealed over 6,500 counterfeit licenses sold to 4,500+ buyers, generating more than $785,000 in revenue.
A Hidden Threat Undermining Trust
Counterfeit IDs aren’t just tools for underage drinking—they enable serious crimes, including illegal firearm purchases, SIM-swap fraud, large-scale logistics misuse, and even election interference. CloudSEK researchers confirmed that the IDs, priced as low as $65 in bulk, are fully scannable and replicate advanced security features such as holograms, UV markings, laser engraving, and relief printing, making them nearly indistinguishable from genuine documents.
“This isn’t just about fake IDs – this is about a systematic attack on the foundation of trust that underpins our financial, legal, and civic systems,” said Sourajeet Majumder, security researcher at CloudSEK STRIKE. “When a single counterfeit license can enable unauthorized drivers, bypass compliance checks, or facilitate smuggling, we’re looking at a genuine national security threat.”
Sophisticated Operations
The threat actor demonstrated remarkable sophistication:
Key Findings
Real-World Consequences
The implications are far-reaching:
A Call to Action
CloudSEK urges urgent global action:
For More Information, Read The Full Report
Share this:
Like this:
Related
This entry was posted on September 18, 2025 at 4:13 pm and is filed under Commentary with tags CloudSEK. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.