
US authorities bust card hacking gang in biggest ever ID fraud case

06 August 2008

US authorities have indicted an international criminal gang thought to be responsible for the theft and sale of over 40 million credit and debit card numbers that were hacked from the computer systems of nine major US retailers, including TJX.

In what is believed to be the largest hacking and ID theft case ever prosecuted by the Department of Justice (DoJ), three US citizens, one man from Estonia, three from Ukraine, two from China and one from Belarus, as well as another individual who is only known by an online alias, have been charged with numerous counts of fraud and ID theft.

In an indictment by a federal grand jury in Boston, Albert "Segvec" Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated ID theft and conspiracy for his role in the scheme.

Gonzalez, Christopher Scott and Damon Patrick Toey, all from Miami, are accused of hacking into the wireless computer networks of retailers, including TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

The defendants allegedly installed "sniffer" programs that would capture card numbers, as well as password and account information, as they moved through the retailers' credit and debit processing networks.

Once the data was harvested it was concealed in encrypted computer servers that the defendants controlled in Eastern Europe and the US, says the DoJ. Some of the card numbers were sold to other criminals in the US and Eastern Europe over the Internet.

The stolen numbers were "cashed out" by encoding card numbers on the magnetic stripes of blank cards. The DoJ says the defendants then used these cards to withdraw tens of thousands of dollars at a time from ATMs.

Prosecutors say Gonzalez and others were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the US and abroad and by channelling funds through bank accounts in Eastern Europe.

Meanwhile, in related charges brought in San Diego, eight people are accused of operating an international stolen credit and debit card distribution ring.

In May, Gonzalez and two of the men charged in San Diego were also charged in a related indictment in New York alleging that the trio hacked into computer networks run by the Dave & Buster's restaurant chain and stole card numbers from at least 11 locations.

Gonzalez had been arrested by the Secret Service for access device fraud in 2003 and was actually working for the agency as an informant. But during the course of the investigation it was discovered he was involved in the activities, says the DoJ. He now faces a maximum penalty of life in prison if he is convicted of all the charges alleged in the Boston indictment.

In a statement released by the DoJ, US Attorney General, Michael Mukasey, says: "So far as we know, this is the single largest and most complex identity theft case ever charged in this country."

US Attorney Michael Sullivan adds: "While technology has made our lives much easier it has also created new vulnerabilities. This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results."

Convictions have already been secured in connection with the stolen data. Last September the ringleader of a gang that used financial information stolen during the computer hacking at TJX was sentenced to five years in prison and ordered to pay nearly $600,000 in restitution.

Irving Escobar, 19, from Miami, pleaded guilty to charges that he participated in a criminal operation that used counterfeit cards featuring credit card data stolen from the TJX data breach in December 2006.

Five other gang members who were accused of playing lesser roles in the operation also pleaded guilty to similar charges in Florida courts.

However, this gang is not believed to have been involved in the actual hacking at TJX.

UK card cloner jailed

On a smaller scale, a UK petrol station worker who used a fake card reader to clone the bank cards of hundreds of customers in the Leicestershire village of Houghton-on-the-Hill has been jailed.

Abdul Samad Mohamed Raik, 33, used the card details of more than 500 cards to steal around £175,000 between October and December last year.

Raik gave himself up to police in March and admitted obtaining property by deception. He was sentenced to two years and nine months.
