Chinese Network Selling Thousands of Fake US and Canadian IDs

A recent investigation by cybersecurity firm CloudSEK has exposed a major operation based in China that is selling high-quality, counterfeit US and Canadian driver’s licenses and Social Security cards. The company has dubbed the operation “ForgeCraft.”

According to the research white paper, which was shared with Hackread.com, the extensive network has already sold over 6,500 fake IDs to more than 4,500 buyers across North America, generating over $785,000 in revenue.

****Tactics and Consequences****

The investigation, led by CloudSEK’s STRIKE team, exposed a sophisticated operation. The group used a large network of over 83 websites to sell its products. The fake IDs were designed to look just like real documents, complete with scannable barcodes, holograms, and special UV markings.

Nearly 60% (3,800) of buyers were over the age of 25. A specific case study revealed a buyer who purchased 42 counterfeit commercial driver’s licenses linked to two trucking companies with a history of regulatory issues.

These fake IDs can now be used to put unauthorised drivers on the road, engage in illicit activities, pass banking verification, create social media accounts, and even bypass age verification measures to access restricted adult sites.

Currently, according to World Population Review’s data, several US states have either implemented or are in the process of implementing a UK-style online age verification system, and these fake ID cards can enable teens to bypass those restrictions.

The fake IDs also threaten national security by bypassing border and law enforcement checks, may enable financial fraud, including SIM swaps and account takeovers, and can be used to exploit election integrity through voter fraud.

Credit: CloudSEK

****Covert Delivery and Global Reach****

To avoid detection, the group used a clever method of “covert packaging” when shipping the fake IDs through major couriers like FedEx and USPS. The licenses were concealed inside everyday items like purses, toys, or within the layers of cardboard shipping boxes. CloudSEK researchers even obtained a tracking number for a package sent from China to Canada, confirming that the fake IDs were successfully delivered to customers.

To help buyers find the hidden documents, the group also provided tutorial videos on how to tear open the packaging and retrieve the cards. One such video led to an exact match with a customer’s details found in the group’s database, proving the network was active and fulfilling orders.

Social media platforms like TikTok, Facebook, Telegram, and YouTube were used to promote these services with ads that openly boasted about illegal uses like bypassing age restrictions or police checks. The counterfeit IDs were sold for as low as $65 each in bulk. The money was collected through various payment channels, including PayPal, LianLian Pay, and cryptocurrencies like Bitcoin and Ethereum.

Using a combination of human intelligence and online research, CloudSEK could pinpoint the main operator’s location in Xiamen, Fujian, China. Researchers even captured a facial image of the individual through their webcam.

Credit: CloudSEK

This detailed evidence has been shared with authorities in the hopes of disrupting the operation. The firm is urging law enforcement to seize the domains and encouraging courier services like FedEx and DHL to be more watchful in detecting the covert packaging methods.

Ibrahim Saify, a security analyst at CloudSEK, commented on the findings, stating, “This case demonstrates the critical importance of comprehensive threat intelligence in combating sophisticated criminal operations. Without visibility across social media, dark web, and infrastructure channels, investigations of this depth would be nearly impossible.”