News:

And we're back!

Main Menu

Man charged in largest-ever ID theft scheme

Started by jimmy olsen, August 17, 2009, 05:09:44 PM

Previous topic - Next topic

jimmy olsen

Man, with schemes like this around it seems that everyone's identity must have been stolen at least once by now.

http://www.msnbc.msn.com/id/32450595/ns/technology_and_science-security/
QuoteMan charged in largest-ever ID theft scheme
Ex-informant, two others tried to gain access to 130 million accounts

updated 9 minutes ago

WASHINGTON - Federal prosecutors on Monday charged a Miami man with the largest case of credit and debit card data theft ever in the United States, accusing the one-time government informant of plotting to swipe 130 million accounts on top of 40 million he stole previously.

Albert Gonzalez, 28, broke his own record for identity theft by hacking into retail networks, according to prosecutors, though they say his illicit computer exploits ended when he went to jail on charges stemming from an earlier case.

Gonzalez is a former informant for the U.S. Secret Service who helped the agency hunt hackers, authorities say. The agency later found out that he had also been working with criminals and feeding them information on ongoing investigations, even warning off at least one individual, according to authorities.

Gonzalez, who is already in jail awaiting trial in a hacking case, was indicted Monday in New Jersey and charged with conspiring with two other unnamed suspects to steal the private information.

Prosecutors say Gonzalez, who is known online as "soupnazi," targeted customers of convenience store giant 7-Eleven Inc. and supermarket chain Hannaford Brothers, Co. Inc. He also targeted Heartland Payment Systems, a New Jersey-based card payment processor.

According to the indictment, Gonazalez and his two Russian co-conspirators would hack into corporate computer networks and secretly place "malware," or malicious software, that would allow them backdoor access to the networks later to steal data.

Gonzalez faces up to 20 years in prison if convicted of the new charges. His lawyer did not immediately return a call for comment.

Gonzalez is awaiting trial next month in New York for allegedly helping hack the computer network of the national restaurant chain Dave and Buster's.

The Justice Department said the new case represents the largest alleged credit and debit card data breach ever charged in the United States, based on a scheme that began in October 2006.

Gonzalez allegedly devised a sophisticated attack to penetrate the computer networks, steal the card data, and send that data to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.

Also last year, the Justice Department announced additional charges against Gonzalez and others for hacking retail companies' computers for the theft of approximately 40 million credit cards. At the time, that was believed to be the biggest single case of hacking private computer networks to steal credit card data, puncturing the electronic defenses of retailers including T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.

Prosecutors charge Gonzalez was the ringleader of the hackers in that case.

At the time of those charges, officials said the alleged thieves weren't computer geniuses, just opportunists who used a technique called "wardriving," which involved cruising through different areas with a laptop computer and looking for accessible wireless Internet signals. Once they located a vulnerable network, they installed so-called "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing networks.

Gonzalez faces a possible life sentence if convicted in that case.

Restaurants are among the most common targets for hackers, experts said, because they often fail to update their antivirus software and other computer security systems.

Scott Christie, a former federal prosecutor now in private practice in New Jersey, said the case shows that despite the best efforts by companies to protect data privacy, there are still individuals capable of sneaking in.

"Cases like this do cause companies to sit up and take notice that this is a problem and more needs to be done," said Christie.
© 2009 The Associated Press.
It is far better for the truth to tear my flesh to pieces, then for my soul to wander through darkness in eternal damnation.

Jet: So what kind of woman is she? What's Julia like?
Faye: Ordinary. The kind of beautiful, dangerous ordinary that you just can't leave alone.
Jet: I see.
Faye: Like an angel from the underworld. Or a devil from Paradise.
--------------------------------------------
1 Karma Chameleon point

Jaron

Winner of THE grumbler point.

DisturbedPervert

Quoteaccusing the one-time government informant of plotting to swipe 130 million accounts on top of 40 million he stole previously.

This doesn't seem like a very efficient crime if after 40 million credits cards you still need more.

jimmy olsen

Quote from: DisturbedPervert on August 17, 2009, 07:23:29 PM
Quoteaccusing the one-time government informant of plotting to swipe 130 million accounts on top of 40 million he stole previously.

This doesn't seem like a very efficient crime if after 40 million credits cards you still need more.

:lol:
It is far better for the truth to tear my flesh to pieces, then for my soul to wander through darkness in eternal damnation.

Jet: So what kind of woman is she? What's Julia like?
Faye: Ordinary. The kind of beautiful, dangerous ordinary that you just can't leave alone.
Jet: I see.
Faye: Like an angel from the underworld. Or a devil from Paradise.
--------------------------------------------
1 Karma Chameleon point

DontSayBanana

Seriously. If he had put two cents on every card, which wouldn't raise flags with any card issuer, he'd have gotten $800K out of the first batch.
Experience bij!

Caliga

FUN FACT:  I personally staffed out most of the software development operation at Heartland Payment Systems (and about 5-6 people on their infrastructure side as well).  One of the guys that works there told me the theft wasn't as big as deal as the media is making it out to be... which I have a hard time comprehending, but that's what he told me. :mellow:
0 Ed Anger Disapproval Points

derspiess

Quote from: Caliga on August 19, 2009, 09:41:12 AM
One of the guys that works there told me the theft wasn't as big as deal as the media is making it out to be... which I have a hard time comprehending, but that's what he told me. :mellow:

I can tell you it was a big deal.  Almost all my customers (banks) were hit with significant fraud. 

This Gonzalez f*cker created a lot of unnecessary work for me & I hope they either hang him or deport him, even if he was born here.
"If you can play a guitar and harmonica at the same time, like Bob Dylan or Neil Young, you're a genius. But make that extra bit of effort and strap some cymbals to your knees, suddenly people want to get the hell away from you."  --Rich Hall

Caliga

He might have meant that it wasn't a big deal with respect to his department.  Those dudes mostly develop internal apps.  Like I said, I thought it was a weird comment.
0 Ed Anger Disapproval Points

KRonn

At the time of those charges, officials said the alleged thieves weren't computer geniuses, just opportunists who used a technique called "wardriving," which involved cruising through different areas with a laptop computer and looking for accessible wireless Internet signals. Once they located a vulnerable network, they installed so-called "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing networks.

I've heard of this being done, or something like it. Thieves will sit outside a store and monitor wireless customer transactions if those aren't encrypted or protected.

Caliga

Wardriving itself doesn't typically involve hacking... I have used my Dell Axim PDA w/WiFi to access people's unprotected networks, but mainly just to get net access.  It's kinda fun actually.
0 Ed Anger Disapproval Points

KRonn

Quote from: Caliga on August 19, 2009, 09:54:20 AM
Wardriving itself doesn't typically involve hacking... I have used my Dell Axim PDA w/WiFi to access people's unprotected networks, but mainly just to get net access.  It's kinda fun actually.
Yeah, good point.

Pretty concerning stuff though, if Stores don't have secure systems for transmitting customer credit card or other financial data.

Eddie Teach

So he couldn't get hired after doing such a shitty job as attorney general and turned to crime instead?  :(
To sleep, perchance to dream. But in that sleep of death, what dreams may come?

The Brain

MB has created more accounts than this guy has swiped. BFD.
Women want me. Men want to be with me.