Business

US charges 11 over theft of 40m credit card numbers

US PROSECUTORS have charged 11 people in connection with a hacking ring that allegedly stole and sold more than 40 million credit…

Thu Aug 07 2008 - 01:00

US PROSECUTORS have charged 11 people in connection with a hacking ring that allegedly stole and sold more than 40 million credit and debit card numbers from nine US retailers - including Irish customers at the TK Maxx chain - in what could be the country's biggest identity theft case.

The scheme involved residents of at least five countries who breached security systems and installed programs that gathered personal financial data which they sold to others or used themselves, prosecutors claimed in indictments unsealed in Boston and San Diego yesterday.

Three of the defendants are US citizens, one is from Estonia, three are from Ukraine, two are from China and one is from Belarus. One individual is only known by an alias online, and his place of origin is unknown, prosecutors said.

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," said US attorney general Michael Mukasey, who added that the case highlighted "our increasing vulnerability" to personal information theft.

READ MORE

The cost of the scheme, which targeted retailers - including Marshalls and TJ Maxx (which trades in Ireland as TK Maxx) - "is impossible to quantify at this point", but was probably in the tens of millions of dollars, he said.

At the heart of the ring was Albert "Segvec" Gonzalez of Miami, who was working as an informant for the US Secret Service when investigators discovered he was criminally involved in the case, prosecutors said.

He and his co-conspirators allegedly obtained credit and debit card numbers by "wardriving" - driving around in a car with a laptop looking for accessible wireless networks. Once inside, they used "sniffer" programs to capture card details.

They then concealed the data in encrypted computer servers they controlled in eastern Europe and the US, and allegedly sold some numbers to other criminals via the internet, prosecutors said.

The stolen numbers were "cashed out" by encoding card numbers on the magnetic strips of blank cards that were used to withdraw tens of thousands of dollars at ATMs.

- (Financial Times service)

Business Today

Business Today

Get the latest business news and commentary from our expert business team in your inbox every weekday morning