11 charged in connection with credit card fraud

["Richard M. Smith" <rms () bsf-llc com>]

http://www.boston.com/business/articles/2008/08/05/11_charged_in_connection_
with_credit_card_fraud?mode=PF


11 charged in connection with credit card fraud


By Anne D'Innocenzio, AP Business Writer  |  August 5, 2008

NEW YORK --The Department of Justice announced Tuesday that it had charged
11 people in connection with the hacking of nine major U.S. retailers and
the theft and sale of more than 40 million credit and debit card numbers.

It is believed to be the largest hacking and identity theft case ever
prosecuted by the Department of Justice. The charges include conspiracy,
computer intrusion, fraud and identity theft.

The indictment returned Tuesday by a federal grand jury in Boston alleges
that the people charged hacked into the wireless computer networks of
retailers including TJX Cos
<http://finance.boston.com/boston?Page=QUOTE&Ticker=TJX> , BJ's
<http://finance.boston.com/boston?Page=QUOTE&Ticker=BJ>  Wholesale Club,
OfficeMax <http://finance.boston.com/boston?Page=QUOTE&Ticker=OMX> , Boston
Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

"While technology has made our lives much easier it has also created new
vulnerabilities," U.S. Attorney Michael J. Sullivan said in a statement.
"This case clearly shows how strokes on a keyboard with a criminal purpose
can have costly results."

The indictment alleges that the hackers installed programs to capture card
numbers, passwords and account information, and then concealed the data in
computer servers that they controlled in the U.S. and Eastern Europe.

The heist was a black eye for retailers like TJX. The company, which
initially disclosed the data breach in January 2007, said a few months later
that at least 45.7 million cards were exposed to possible fraud in a breach
of its computer systems that began in July 2005. Court filings by some banks
that sued TJX put the number of cards affected at more than 100 million,
based on estimates by officials with Visa and MasterCard, who were deposed
in the suit.

In May, TJX said it won support from Mastercard-issuing banks for a
settlement that will pay them as much as $24 million to cover costs from the
data breach. A similar agreement reached last November with Visa-card
issuing banks also was overwhelmingly approved. That agreement set aside as
much as $40.9 million to help banks cover costs including replacing
customers payment cards and covering fraudulent charges.

Under the indictments unsealed Tuesday, three of the defendants are U.S.
citizens, one is from Estonia, three are from Ukraine, two are from China
and one is from Belarus. One individual is only known by an alias online,
and his place of origin is unknown.

In the Boston indictment, Albert "Segvec" Gonzales of Miami, who is accused
of leading the scheme, was charged with computer fraud, wire fraud, access
device fraud, aggravated identity theft and conspiracy. He faces a maximum
penalty of life in prison if he is convicted of all the charges.

Indictments were unsealed Tuesday in San Diego against Maksym "Maksik"
Yastremskiy of Kharkov, Ukraine, and Aleksandr "Jonny Hell" Suvorov of
Sillamae, Estonia. The indictments charge them with crimes related to the
sale of the stolen credit card data.

Furthermore, indictments against Hung-Ming Chiu and Zhi Zhi Wang, both of
China, and a person known only by the online nickname "Delpiero" were also
unsealed in San Diego.
http://cache.boston.com/bonzai-fba/File-Based_Image_Resource/dingbat_story_e
nd_icon.gif

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.