After three years of ongoing investigation, The Department of Justice has issued indictments on what is believed to be the largest retail hacking scheme ever. Eleven individuals from around the globe allegedly stole over 40 million credit card numbers.
After stealing over 40 million credit card and debit card numbers, eleven individuals from around the world have been indicted by a federal grand jury on related charges. Of the eleven, only three were from the United States, with one of those being a US Secret Service informant. The remaining eight were from China, Ukraine, Belarus, Estonia and one "anonymous" individual is from an unknown origin.
According to a
press release by the Department of Justice:
Gonzalez and his co-conspirators obtained the credit and debit card numbers by "wardriving" and hacking into the wireless computer networks of major retailers — including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Once inside the networks, they installed "sniffer" programs that would capture card numbers, as well as password and account information, as they moved through the retailers’ credit and debit processing networks.
The men allegedly formed a criminal alliance to sell the cards both in the US and abroad on the Internet. They also encoded the stolen numbers onto blank cards and stole tens of thousands of dollars from ATM machines.
Although the victims of the crimes are mostly American citizens, many of whom have yet to be identified, Attorney General Michael B. Mukasey was quoted in a
report from the MSNBC as saying that the exact amount stolen is:
"impossible to quantify at this point. I suspect that a lot of people are unaware that their identifying information has been compromised,"
One US citizen arrested and indicted, Albert "Segvec" Gonzalez had been previously arrested in 2003 for access device fraud. He was also a secret service informant and faces a maximum sentence of life in prison due to the scope of the charges associated with his informant status.
Earlier this year, Maksym "Maksik" Yastremskiy from the Ukraine and Aleksandr "Jonny Hell" Suvorov from Estonia were also charged alongside of Gonzales in a "sophisticated" hack scheme that caused over $600,000 US dollars damage in recovery efforts to financial institutions due to the theft of around 5,000 credit and debit card numbers at several
Dave & Busters locations.
In the current indictment, the thieves were able to take credit card numbers by driving around using a simple laptop computer looking for vulnerable wireless Internet signals, where they hacked into systems in an opportunistic manner.
The charges include conspiracy, computer intrusion, fraud and identity theft.
A major recovery effort is still underway for bank customers as agreements between retailers and credit card financial institutions are made to help recover the fraudulent charges associated with the identity theft scam.
Identity theft cannot be prevented but, according to the Federal Trade Commission, there are certain
basic steps that can be taken to reduce ones risk of being targeted.
Shred important documents before throwing them out (stop dumpster diving access)
Protect import account and ID numbers, like social security numbers, where thieves can use to open up accounts obtain documents
Do NOT give out personal information to anyone untrusted or unknown
Keep all information secure
*Visit their
site for more information on identity theft.
Nine Million Identities are stolen in the United States every year...
