Identity Theft: 11 Charged in Biggest Us Case
Hackers steal more than 41m credit and debit card numbers from big retailers
Eleven people were today charged in the US in connection with the theft of more than 41m credit and debit card numbers in the country's biggest case of identity theft.
It is believed to be the largest hacking and identity theft prosecution by the US Department of Justice. Charges include conspiracy, computer intrusion, fraud and identity theft, and involve the breaching of nine major US retailers' computer defenses.
The indictment, returned by a federal grand jury in Boston, said the suspects had hacked into the wireless computer networks of retailers including TJX Cos, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
Three of those charged are US citizens; three are from Estonia, three from Ukraine, two from China and one from Belarus.
"While technology has made our lives much easier, it has also created new vulnerabilities," US attorney Michael Sullivan said. "This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results."
Sullivan said the alleged thieves were not computer geniuses, just opportunists who had used a technique called "wardriving", which involves cruising through different areas with a laptop and looking for accessible wireless internet signals.
Once they had located a vulnerable network, he said, they installed "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing networks.
The information was stored on two servers, in Ukraine and Latvia. One of these contained more than 25m credit and debit card numbers, the other more than 16m, Sullivan said.
"They used sophisticated computer hacking techniques that would allow them to breach security systems and install programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves," said the attorney general, Michael Mukasey, in a press conference.
"In total, they caused widespread losses by banks, retailers, and consumers."
Mukasey said the total amount of the alleged theft was "impossible to quantify at this point". He said officials still had not identified all the victims who had had credit or debit card numbers stolen.
"I suspect that a lot of people are unaware that their identifying information has been compromised," he warned.
It is believed to be the largest hacking and identity theft prosecution by the US Department of Justice. Charges include conspiracy, computer intrusion, fraud and identity theft, and involve the breaching of nine major US retailers' computer defenses.
The indictment, returned by a federal grand jury in Boston, said the suspects had hacked into the wireless computer networks of retailers including TJX Cos, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
Three of those charged are US citizens; three are from Estonia, three from Ukraine, two from China and one from Belarus.
"While technology has made our lives much easier, it has also created new vulnerabilities," US attorney Michael Sullivan said. "This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results."
Sullivan said the alleged thieves were not computer geniuses, just opportunists who had used a technique called "wardriving", which involves cruising through different areas with a laptop and looking for accessible wireless internet signals.
Once they had located a vulnerable network, he said, they installed "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing networks.
The information was stored on two servers, in Ukraine and Latvia. One of these contained more than 25m credit and debit card numbers, the other more than 16m, Sullivan said.
"They used sophisticated computer hacking techniques that would allow them to breach security systems and install programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves," said the attorney general, Michael Mukasey, in a press conference.
"In total, they caused widespread losses by banks, retailers, and consumers."
Mukasey said the total amount of the alleged theft was "impossible to quantify at this point". He said officials still had not identified all the victims who had had credit or debit card numbers stolen.
"I suspect that a lot of people are unaware that their identifying information has been compromised," he warned.
Use the feedback form below to submit your comments.
Use the form below to email this article to your friends.
- US Authorities Net 'top Spammer'
- US Troops at Risk From Civil Servant's Stolen Laptop
- Preventing Identity Theft
- Enterprise Identity Management
- Woman Chases Down, Helps Nab Her Own Identity Thief
- TJX Identity Thieves get Maxx for Minimum
- Five Steps to Safe Online Shopping
- Identity Theft: The G.I. Blues
- Do You Know an Identity Thief?
- Hosting Service Providers and Identity Theft
- Katharine Viner: They Stole My Name
- Knowing me, knowing you: why ID protection plans are flawed for fraud.
- Workplace Identity Theft: The Threat From Within
- Internet: A Place Where Your Identity Can Be Stolen
- Online Identity Theft
- Protecting Your Identity From Electronic Theft
- Stop Taking Risks Concerning Identity Theft
- Identity Theft Prevention Programs
- Tips to Avoid Identity Theft
- Identity Theft Punishment
- Identity Theft Facts