The Justice Department charged 11 people in connection with the massive credit and debit card number theft from various retailers, including TJX, BJ's and OfficeMax.
The group charged was involved in the theft of more than 40 million credit and debit card numbers, in what officials said is the largest identity-theft case ever prosecuted by the Department of Justice.
In an indictment returned today by a federal grand jury in Boston, Albert "Segvec" Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy for his role in the scheme. Related charges were also brought against Christopher Scott and Damon Patrick Toey, both of Miami, the DOJ said. Gonzalez was previously arrested by the Secret Service in 2003 for access device fraud. During the course of this investigation, the Secret Service discovered that Gonzalez, who was working as a confidential informant for the agency, was criminally involved in the case. Because of the size and scope of his criminal activity, Gonzalez faces a maximum penalty of life in prison if he is convicted of all the charges alleged in the Boston indictment.
Others from Estonia, China and Belarus were also charged.
The indictment alleges that during the course of the sophisticated conspiracy, Gonzalez and his co-conspirators obtained the credit and debit card numbers by "wardriving" and hacking into the wireless computer networks of major retailers - including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Once inside the networks, they installed "sniffer" programs that would capture card numbers, as well as password and account information, as they moved through the retailers' credit and debit processing networks, the DOJ said.
The indictment alleges that after they collected the data, the conspirators concealed the data in encrypted computer servers that they controlled in Eastern Europe and the United States. They allegedly sold some of the credit and debit card numbers, via the Internet, to other criminals in the United States and Eastern Europe. The stolen numbers were "cashed out" by encoding card numbers on the magnetic strips of blank cards. The defendants then used these cards to withdraw tens of thousands of dollars at a time from ATMs. Gonzalez and others were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe, the DOJ said.
"They used sophisticated computer hacking techniques, breaching security systems and installing programs that gathered enormous quantities of personal financial data, which they then allegedly sold to others or used themselves," said Attorney General Michael Mukasey in prepared remarks. "And in total, they caused widespread losses by banks, retailers, and consumers."
Retailers, particularly TJX, are still suffering from the impact of the data breach. For example, in an agreement reached in March and finalized just last week, TJX settled Federal Trade Commission charges that it failed to provide reasonable and appropriate security for sensitive consumer information. The settlement requires that the company implement comprehensive information security programs and obtain audits by independent third-party security professionals every other year for 20 years. No fines or consumer reimbursements were part of the settlement.
The FTC settlement doesn't get the company out of the woods, however, as investigations by almost 40 states and other federal investigations loom.
According to the FTC complaint, TJX, with over 2,500 stores worldwide, failed to use reasonable and appropriate security measures to prevent unauthorized access to personal information on its computer networks. An intruder exploited these failures and obtained tens of millions of credit and debit payment cards that consumers used at TJX's stores, as well as the personal information of approximately 455,000 consumers who returned merchandise to the stores. Banks have claimed that tens of millions of dollars in fraudulent charges have been made on the cards and millions of cards have been cancelled and reissued.
Losers Will Pay Minimal Price for the Money They Stole
A part of society will feel sorry for these criminals. They will say that the criminals here are the real victims because they had to resort to these tactics and were "forced" by society's expectations to do these crimes. They will say that the victims are the real criminals (as part of society overall) because we have not reached out to them sufficiently to help them to excel in non-criminal activities. THAT IS BULL-SHIP (word substitution here). Lock these losers away, have them work for minimum wage 18 hours-a-day to begin to repay the multiple millions of dollars in damages. In some countries they would be punished. Unfortunately here in the US, they can cut deals, get out in less time than is being proposed and are not required to work in prison. Oh they will have access to television, gym facilities, air conditioning, free lodging, hanging out with fellow "friends" all day and fully paid meals. What about the costs to us? Yes the retailers have liability here, but the losers that did the crime were the ones who actually executed the theft.
Annoyed is an idiot
These thieves exist because (1) they are criminals; and (2) the agencies/banks/lenders are totally oblivious to security when it comes to Other People's Money.
Put the criminals in jail for the rest of their lives. No parole, no outside communication - let them be dead to the world.
Take 100% of the individual's losses from the banks, etc. and teach them a lesson about information security (4 digit PIN my muscular buttocks - all of my passcodes exceed 16 characters).
Tell Annoyed that if the candy wasn't there for the taking - the candy would still be there.
The victims are the account holders - everybody else is negligent or criminal.
Oh, yeah- Annoyed- I'd support MANDATORY DEATH for anybody who steals $1,000,000.00 - and the targets would be the Bankers and Brokers who stole your money. Imagine the tears at the execution of Charles H. Keating! Or, those military contractors who can't account for the billions that they lost.....
Steal a million - and die. Sounds like a deterrent to me.
Now we're talking! So many
Now we're talking! So many people feel relaxed after hearing this, these identity thefts are charged but there are others to come take their place, so keeping our vigilance forward is recommendable.
Karen, 3 in 1 Credit Report