Thread: ID theft alive and well

US: 11 charged with credit card fraud
By ANNE D'INNOCENZIO updated 3:11 p.m. ET, Tues., Aug. 5, 2008By ANNE D'INNOCENZIO
AP Business Writer
The Associated Press
updated 3:11 p.m. ET Aug. 5, 2008
NEW YORK - The Department of Justice announced Tuesday that it had charged 11 people in connection with the hacking of nine major U.S. retailers and the theft and sale of more than 40 million credit and debit card numbers.

It is believed to be the largest hacking and identity theft case ever prosecuted by the Department of Justice. The charges include conspiracy, computer intrusion, fraud and identity theft. Three of the defendants are U.S. citizens, while the others are from places such as Estonia, Ukraine, Belarus and China.

The indictment returned Tuesday by a federal grand jury in Boston alleges that the people charged hacked into the wireless computer networks of retailers including TJX Cos, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

"While technology has made our lives much easier it has also created new vulnerabilities," U.S. Attorney Michael J. Sullivan said in a statement. "This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results."

The indictment alleges that the hackers installed programs to capture card numbers, passwords and account information, and then concealed the data in computer servers that they controlled in the U.S. and Eastern Europe.

"They used sophisticated computer hacking techniques, breaching security systems and installing programs that gathered enormous quantities of personal financial data, which they then allegedly sold to others or used themselves," said Attorney General Michael Mukasey in prepared remarks. "And in total, they caused widespread loses by banks, retailers, and consumers."

The heist was a black eye for retailers like TJX. The company, which initially disclosed the data breach in January 2007, said a few months later that at least 45.7 million cards were exposed to possible fraud in a breach of its computer systems that began in July 2005. Court filings by some banks that sued TJX put the number of cards affected at more than 100 million, based on estimates by officials with Visa and MasterCard, who were deposed in the suit.

In May, TJX said it won support from Mastercard-issuing banks for a settlement that will pay them as much as $24 million to cover costs from the data breach. A similar agreement reached last November with Visa-card issuing banks also was overwhelmingly approved. That agreement set aside as much as $40.9 million to help banks cover costs including replacing customers payment cards and covering fraudulent charges.

Under the indictments unsealed Tuesday, three of the defendants are U.S. citizens, one is from Estonia, three are from Ukraine, two are from China and one is from Belarus. One individual is only known by an alias online, and his place of origin is unknown.

In the Boston indictment, Albert "Segvec" Gonzales of Miami, who is accused of leading the scheme, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy. He faces a maximum penalty of life in prison if he is convicted of all the charges.

Indictments were unsealed Tuesday in San Diego against Maksym "Maksik" Yastremskiy of Kharkov, Ukraine, and Aleksandr "Jonny Hell" Suvorov of Sillamae, Estonia. The indictments charge them with crimes related to the sale of the stolen credit card data.

Furthermore, indictments against Hung-Ming Chiu and Zhi Zhi Wang, both of China, and a person known only by the online nickname "Delpiero" were also unsealed in San Diego.

Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
URL: http://www.cnbc.com/id/26041541/for/cnbc/


--------------------------------------------------------------------------------

MSN Privacy . Legal
© 2008 CNBC.com

Wow good article.

SCARY

Identity....hey steal mine!!!!!!

U.S. Indicts 11 in Largest U.S. Identity Theft Case (Update2)

By Andrew Harris and Heather Burke

Aug. 5 (Bloomberg) -- The Justice Department charged 11 people with stealing more than 40 million credit- and debit-card numbers from nine retailers including T.J. Maxx, calling it the largest U.S. identity theft prosecution.

The defendants tapped the computer networks of TJX Cos.' Marshalls, BJ's Wholesale Club Inc., Barnes & Noble Inc. bookstores, Sports Authority, Boston Market Corp., OfficeMax Inc., Dave & Buster's restaurants, DSW Inc. shoe stores and Forever 21, the government said today.

``This is the single largest and most complex identity theft case that has ever been charged in this country,'' Attorney General Michael Mukasey said at news conference in Boston. The indictment ``highlights our increasing vulnerability to the theft of personal information.''

The cost of the identity-theft scheme to citizens may total billions of dollars, Mukasey said. Some people may not learn they've been victims ``for months or years,'' he added.

Indictments by federal grand juries in Boston and San Diego charged three U.S. residents and defendants from other countries including Estonia, Ukraine and China with identity theft, fraud and conspiracy, the Justice Department said in a statement.

They allegedly hacked into retailers' data systems by driving around the stores with a laptop, kept the information in personal computers in the U.S. and eastern Europe and converted some of it into ready-to-use bank cards, according to federal prosecutors.

`Sniffer' Software

The defendants installed ``sniffer'' software in the retailers' computer systems to capture credit and debit-card numbers along with passwords and account information, Mukasey said. Some of them encoded credit-card numbers on blank automated-teller cards to withdraw tens of thousands of dollars at a time from ATM machines, the government said.

Some of the same defendants were indicted in Brooklyn, New York, federal court in May, the government said.

The case began as three separate investigations of identity theft in southern California, New York and Boston. The probes were ``eventually coordinated'' after investigators ``realized that one ring of people were involved,'' Mukasey said.

TJX, the Framingham, Massachusetts-based owner of the T.J. Maxx and Marshalls discount chains, said in January 2007 that hackers had broken into its computer system and stolen about 45.7 million credit- and debit-card numbers.

Designer Label

The retailer, which offers designer-label clothes and home goods at discounted prices, in March settled a complaint with the Federal Trade Commission. Under the agreement, TJX must start an information-security program and undergo an external audit every other year for 20 years.

TJX also settled related claims by Visa Inc. and MasterCard Inc. In April. The retailer agreed to pay as much as $24 million to cover costs incurred by banks that issue MasterCards.

``We have worked very closely with law enforcement authorities as they conducted an extensive international investigation into this complex crime,'' TJX spokeswoman Sherry Lang said in an e-mailed statement. ``The sheer number of retailers attacked by these cyber-criminals demonstrates the much broader challenges in protecting sensitive consumer data from this increasing threat.''

In 2005, BJ's Wholesale Club and DSW Inc., the shoe discounter, also settled Federal Trade Commission allegations that they failed to protect customer credit card information from theft by hackers.

DSW Cooperating

DSW is cooperating with the U.S. probe, DSW General Counsel Bill Jordan said in an e-mailed statement. The FTC alleged that both companies failed to use ``readily available security measures'' to prevent hackers from stealing data off their wireless networks used to verify consumers' information.

``This is an old breach. It's from 2004, so we are pleased that progress is being made on this,'' BJ's spokeswoman Julie Somers said. ``We fully cooperated with the U.S. Attorney's office and will continue to do so if asked.''

The company's system now meets all credit card industry standards for protection of customer data, she said.

One of the cases is U.S. v. Gonzalez, 08cr10223, U.S. District Court for the District of Massachusetts (Boston).

To contact the reporters on this story: Andrew Harris at the federal court in Chicago at aharris16@bloomberg.net; Heather Burke in New York at hburke2@bloomberg.net.
Last Updated: August 5, 2008 17:54 EDT

http://www.bloomberg.com/apps/news?pid= ... refer=home

This will continue to happen until it is so widespread that the only choice we will have to to accept an implant chip. Those retailers knew using a wireless system has security holes. I dont use wireless for my computers and my customers data stays off line and encrypted.

Your information on passports with the RFID can also be stolen quite easily.