Thread: Three Indicted in Largest Corporate Identity Theft Case in H

Three Indicted in Largest Corporate Identity Theft Case in History

FOXNEWS.com
Monday, August 17, 2009

DEVELOPING STORY:

Three men have been indicted in New Jersey in an identity theft case that the Justice Department is labeling as the largest in history.

Authorities say more than 130 million credit and debit card numbers were stolen in a corporate data breach involving five different companies.

This is a developing story. Please click refresh for updates.

http://www.foxnews.com/story/0,2933,540060,00.html

DEVELOPING STORY:

Three men have been indicted in New Jersey in a massive identity theft case that the Justice Department is labeling as the largest in history.

Albert Gonzalez, 28, is charged with acting with two unnamed conspirators to locate large corporations in a crime that the Department of Justice calls "the single largest hacking and identity theft case ever prosecuted."

Authorities say more than 130 million credit and debit card numbers were stolen in a corporate data breach involving three different corporations and two individuals. The card numbers, along with account information, were stolen from Princeton-based Heartland Payment Systems; 7-Eleven Inc., a Texas-based convenience store chain and Hannaford Brothers Company, a Maine-based supermarket chain. The indictment also mentions two other unidentified corporate victims as being hacked by the co-conspirators.

According to the Justice Department, the suspects used a sophisticated hacking technique called an "SQL injection attack," which "seeks to exploit computer networks by finding a way around the network's firewall to steal credit card and debit information."

According to a two-count indictment alleging conspiracy and conspiracy to engage in wire-fraud, beginning in October 2006, Gonzalez and the others would seek out Fortune 500 companies and attempt to identify potential vulnerabilities in computer systems.

After reconnaissance of the computer systems was completed, information would be uploaded to servers which served as hacking platforms. Once the information was discovered, it was stolen from the corporate servers and placed onto servers controlled by the suspects.

Upon stealing the data, Gonzalez and his co-conspirators would seek to seel the data to others who would then use it to make fraudulent purchases, unauthorized withdrawals from banks and other identity theft schemes, the Justice Department said Monday.

If convicted, Gonzalez could face up to 20 years on a charge of wire-fraud conspiracy and an additional five on the conspiracy charge. He also faces fines of up to $250,000 for each charge. He is currently in federal custody.

The latest charges are hardly Gonzalez's first brush with the law -- in May 2008, the U.S. Attorney's Office of New York charged him for his alleged role in the hacking of a computer network run by a national restaurant chain. He is slated to stand trial on those charges in September of 2009.

In August of 2008, he was indicted on additional charges for a number of hacks into eight major retailers that related to an estimated 40 million credit cards. He is scheduled for trail on those charges in 2010, the Department of Justice said.

This is a developing story. Please click refresh for updates.

http://www.foxnews.com/story/0,2933,540060,00.html

Heard on CNBC that the unnamed co-conspirators were a couple of Russians. Nice.
What really worries me is not that my credit card may be used in Moscow, but that so much of our information has already been sent to India to be processed, because it's cheaper. That includes medical billing, payrolls, etc.