CloudSEK Uncovers China-Based Fake ID Network Targeting U.S. and Canadian Systems

Bengaluru, India – Indian cybersecurity firm CloudSEK has exposed a sprawling China-based operation selling high-quality counterfeit U.S. and Canadian driver’s licenses and Social Security Number (SSN) cards, raising alarms over national security, financial fraud, and systemic misuse.

The investigation, led by CloudSEK’s STRIKE team, traced over 83 interconnected domains backed by round-the-clock WeChat support, custom order flows, and multiple payment options. Researchers found an exfiltrated database documenting the sale of more than 6,500 fake licenses to 4,500 buyers, generating upwards of $785,000 in revenue.

Far from being simple forgeries, the IDs replicated advanced security features such as holograms, UV markings, and laser engraving, making them nearly indistinguishable from genuine documents. Priced as low as $65 in bulk, they were shipped globally through major courier services like FedEx, USPS, and DHL, often concealed in toys or packaging layers to avoid detection.

“This isn’t just about fake IDs—it’s a direct assault on the systems of trust that hold together our financial, legal, and civic institutions,” said Sourajeet Majumder, a CloudSEK researcher. “Each counterfeit license has the potential to bypass compliance checks or enable smuggling, creating genuine national security risks.”

The network’s buyers were not limited to underage drinkers. Nearly 60% were over 25 years old, with some linked to revoked trucking companies that purchased dozens of counterfeit commercial driver’s licenses. Such misuse highlights dangers to transportation safety and regulatory oversight.

CloudSEK’s investigation traced the operation to Xiamen, Fujian, China, even capturing a facial image of the threat actor via webcam. The firm has called for urgent global action, urging law enforcement, courier services, and payment processors to dismantle the network.

“This case demonstrates the critical importance of comprehensive threat intelligence in combating sophisticated criminal operations,” said Ibrahim Saify, Security Analyst at CloudSEK. “Without visibility across social media, dark web, and infrastructure channels, investigations of this depth would be nearly impossible.”