Full Report
BOZEMAN – The operator of illegal online marketplaces that sold digital templates of false identity documents, such as passports, social security cards, and driver’s licenses, was charged in a nine-count federal indictment unsealed in the District of Montana today, U.S. Attorney Kurt Alme said. The United States also announced that it seized three of the marketplace...
Analysis Summary
# Threat Actor: Zahid Hasan (Unattributed Cybercriminal)
## Attribution & Identity
* **Identity:** Zahid Hasan, 29, residing in Dhaka, Bangladesh.
* **Associated Groups:** Operated illegal online marketplaces under names including "**TechTreek**" and "**EGiftCardStoreBD**."
* **Attribution Source:** Charged via federal indictment in the District of Montana.
## Activity Summary
* **Historical Activities:** Operated illegal online marketplaces from at least 2021 through 2025, based out of Bangladesh.
* **Recent Operations:** Allegedly received Bitcoin payments and transferred fraudulent templates to customers, including an individual in Bozeman, Montana, on May 13, 2025. Generated over \$2.9 million from sales to more than 1,400 customers globally over four years.
## Tactics, Techniques & Procedures
* **Online Marketplace Operation:** Established and maintained illegal e-commerce platforms to sell counterfeit digital identity templates.
* **Financial Transactions:** Accepted *virtual currencies*, specifically Bitcoin, for payment.
* **Document Proliferation:** Electronically sold and transferred digital versions of high-fidelity, false identity documents.
* **Specific Offenses:** Charged with transfer of false identification documents, false use of a passport, and social security fraud.
* **MITRE ATT&CK IDs:** Not specified in the source, but relevant tactics likely fall under **T1583.002 (Create/Acquire Infrastructure: Marketplace)** and **T1588.004 (Obtain Capabilities: Credentials)** (in the context of providing tools for fraud).
## Targeting
* **Sectors:** Financial services, online processing platforms, social media sites, and digital currency platforms (as downstream targets of the final identity document users).
* **Geography:** Global customer base; operations based in Bangladesh; specific charging action focused on the District of Montana, US.
* **Victims:** The US government (through fraudulent document issuance) and individuals/entities targeted by customers using the fraudulent documents to create false accounts.
## Tools & Infrastructure
* **Marketplace Domains Seized:**
  * www[.]techtreek[.]com
  * www[.]egiftcardstorebd[.]com
  * www[.]idtempl[.]com
* **Malware Families Used:** None specified.
* **C2/Infrastructure:** Online marketplaces hosted internationally.
## Implications
This actor represents a significant source in the identity theft ecosystem, providing the foundational counterfeit materials (templates for passports, SSNs, driver’s licenses) commonly used by cybercriminals to bypass KYC/AML procedures for activities like bank fraud, account takeover, and illicit financial transfers. The scale of transactions (\$2.9M) indicates a successful, sophisticated criminal business model enabled by cryptocurrency payments.
## Mitigations
* **Monitor Cryptocurrency Transactions:** Implement enhanced monitoring for cryptocurrency inflows associated with known fraudulent marketplace wallet addresses.
* **Domain Takedown/Seizure Coordination:** Pursue aggressive international coordination (FBI, local police) to seize and take down infrastructure hosting the sale of fraudulent documents.
* **Digital Identity Verification Hardening:** Downstream entities (banks, social media platforms) must enhance verification protocols, moving beyond basic template checks if these templates are being utilized for onboarding.