Subscription Center
Aug 18, 2009 04:27 PM | 2
The Justice Department yesterday announced indictments against three hackers thought to be involved in a data theft affecting 130 million credit and debit card accounts, reportedly the largest breach of financial information ever perpetrated in the U.S.
All three are charged with two counts of the following: conspiracy to gain unauthorized access to computers, to commit fraud in connection with computers and to damage computers; and conspiracy to commit wire fraud. Each defendant faces a maximum of 35 years in prison and more than $1 million in fines or twice the monetary gain resulting from the offenses, whichever is greater, The Washington Post reports.
The details of the case provide insight into the complexity of cyber attacks, how criminal hackers operate, and the extent of the problem. One of those indicted includes 28-year-old Miami resident Albert Gonzalez, who also goes by the aliases "segvec," "soupnazi" and "j4guar17." Gonzalez has a long history of committing computer crimes, and even pulled off this mother-of-all computer break-ins while serving as a confidential government informant.
Law enforcement says that beginning in October 2006 Gonzalez and two other unnamed co-conspirators found ways around computer security that afforded them access to the computer systems of a number of businesses, including Heartland Payment Systems, a Princeton, N.J.–based card payment processor. After penetrating these systems, the hackers allegedly stole credit and debit card data, and then covered their tracks by sending that data to computer servers that the team operated in California, Illinois, Latvia, the Netherlands and Ukraine.
During this time, Gonzalez was working both sides of the law, since he had served as a confidential informant to the U.S. Secret Service following his arrest in 2003 for credit card fraud in another case, the Post reports. As an informant, he participated in "Operation Firewall," helping the Justice Department, Secret Service and other law enforcement organizations in 2004 bust 30 or so members of an online network used to buy and sell stolen personal and financial data.
Gonzalez's cyber rap sheet is a long one. In May 2008, the U.S. Attorney's Office for the Eastern District of New York charged Gonzalez for his alleged role in the hacking of a computer network run by a national restaurant chain. Massachusetts prosecutors have likewise indicted Gonzalez and others for a number of hacks affecting eight major retailers—including T. J. Maxx, Barnes & Noble, BJ's Wholesale Club, Boston Market, DSW, Forever 21, Office Max and Sports Authority. The resulting theft of data related to 40 million credit and debit cards, the Post reports. (Gonzalez has pled not guilty to those charges and will go on trial for them next year.)
Prior to the Heartland Payment Systems break-in, the data breach case involving these retailers had been the largest data breach case in U.S. history. This means that if Gonzalez is found guilty in both cases, he will have been a key player in the U.S.'s two largest data heists.
Gonzalez and his co-conspirators in the earlier case stole credit and debit card numbers after breaking into the retailers' wireless networks via a technique known as "wardriving," the practice of using a laptop, antenna and global positioning system to detect wireless access points and determine how they're configured. Once inside the networks, the hackers installed "sniffer" programs to capture card numbers, passwords and account information, as they were processed through the retailers' credit and debit processing networks.
These cyber crimes have cost Heartland $32 million and TJX (the parent company of T. J. Maxx, Marshalls and other retailers) more than $200 million thus far, according to filings the companies have made with the U.S. Securities and Exchange Commission.
Image ©iStockphoto.com/ Mike Cherim
Tags:
Securities and Exchange Commission,
Gonzalez,
Heartland Payment Systems,
TJX,
TJ Maxx
More News Blog:
Next: Renewable energy also better for workers' health
Previous: Paper or plastic--Or neither? Seattle votes today on 20-cent fee for disposable bags
See what we're tweeting about
BoraZ Artist Goes Through His "Sloth Period" http://t.co/WW12cpUJ94
Myrmecos Thanks @RelUnrelated @JDF279, but @JamieFrater has not answered previous emails, and nothing I send gets through to anyone else, either. Myrmecos Does anyone know the DMCA contact person for @listverse? They appear to be impenetrable.
Deadline: Jul 25 2013
Reward: Varies
This challenge provides an opportunity for Solvers to build a web-based or mobile “app” to explore data relationships in scholarly conte
Deadline: Jun 29 2013
Reward: $7,000 USD
The Seeker for this Challenge desires proposals for chemical methods that could rapidly degrade a dilute aqueous solution
Powered By: 
YES! Send me a free issue of Scientific American with no obligation to continue the subscription. If I like it, I will be billed for the one-year subscription.
2 Comments
Add CommentHow dumb can companies be in the way they handle credit care information in this day and age. There is excellent software for encription available for a trivial cost. Just surch for Zimmerman encription program from Germany. The program is so good that Zimmerman had to move his operation to Gremany due to the US governments' fear of the public having such an excellent encription program that they could't bread easily.
Reply | Report Abuse | Link to thisHow dumb can companies be when storing credit card information that can be hacked. There is encription software available at a trivial cost that could prevent such a disaster. Software such as Zimmerman's encription program is one of them. His program is so good that the US government would not allow him to offer it in the US so he moved his operation to Germany.
Reply | Report Abuse | Link to this