11 Charged

Posted on August 7, 2008
Filed Under Security News |

The largest data theft and identity theft case prosecuted by the Department of Justice, leads to eleven people being charged with numerous crimes, including conspiracy, computer intrusion, fraud and identity theft, the DOJ announced, charges relate to the theft of more than 40 million credit and debit card numbers.

Attorney General Michael B. Mukasey and U.S. Attorneys from Massachusetts, the Southern District of California, the Eastern District of New York, and U.S. Secret Service Director Mark Sullivan all had a hand in the case and released information explaining the scope of the conspiracy.

“While technology has made our lives much easier it has also created new vulnerabilities. This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results. Consumers, companies and governments from around the world must further develop ways to protect our sensitive personal and business information and detect those, whether here or abroad, that conspire to exploit technology for criminal gain,” added U.S. Attorney Michael J. Sullivan.

In an indictment returned on Aug. 5, 2008, by a federal grand jury in Boston, Albert “Segvec” Gonzalez, Christopher Scott and Damon Patrick Toey, of Miami, were charged with computer fraud, wire fraud, access device fraud, aggravated identity theft, and conspiracy for their role in the scheme. However, Gonzalez is at the center of the case, while not named as the “ring leader,” he is the focus of many of the recently released court documents.

The Boston indictment claims that Gonzalez and his fellow conspirators obtained credit and debit card numbers by wardriving and hacking into the wireless computer networks of major retailers — including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

Once inside, the attackers installed sniffers that collected information and stored it in a central location. Gonzalez and his crew are then said to have sold some of the credit and debit card numbers, via the Internet, to others in the United States and Eastern Europe. The stolen numbers were then “cashed out” by encoding card numbers on the magnetic strips of blank cards. The newly minted cards were used to withdraw tens of thousands of dollars at a time from ATMs. Gonzalez and others were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe.

Bookmark to: