Vignati loosely described a cross-continent saga that begins with a criminal injecting himself into a product website, that person is referred to as an ‘injector.’ Then a ‘dumper,’ usually the same person as the ‘injector,’ collects personal data of website customers. Finally a ‘stuffer’ uses the stolen information to buy products.
But herein lies a dilemma for the thieves: “How do the crooks get products stolen in the United States back to Russia without being detected?” Enter the recruiters. They hire the "mules," who will purchase package labels from dubious companies with ties to Russian criminals, often thinking it's a legitimate job. The recruiters go so far as to create familiar job applications that include requests for three references, to make the companies seem legit to the mules. But not all the mules are naive. The mules break down into two groups: the unsuspecting job seeker and the knowing criminal--and both are used to transport stolen goods.
Vignati described how a 'panel' of mules print the labels and send the stolen products to Russia, typically through an United States Postal Service’s online mailing service. A ‘control panel’ keeps tabs on the mules to make sure they’re following up on their responsibilities, making calls and leaving messages on cell phones. All of this requires a team of translators and organizers to keep the product flowing to its final destination in Russia, where a much larger organization will then take over for distribution.
Vignati said there was an important key to dissecting the network's operation.
"Instead of following the money, we followed the package."