It’s the biggest computer hacking and credit-card fraud in history. Some 11 people, including a US Secret Service grass, have been charged with hacking computer systems of nine major US retailers and the theft and sale of more than 41 million credit and debit card numbers.
The suspects have been charged with conspiracy, computer intrusion, fraud and identity theft. three of them are US citizens; the others hail from Estonia, Ukraine, Belarus and China.
The indictment alleges that the suspects hacked into the wireless computer networks of major US retailers including TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Once in, they set up programs that captured card numbers, passwords and account information.
They either sold this information to others or used it themselves. In total, said US Attorney General Michael Mukasey, “they caused widespread losses by banks, retailers, and consumers.”
US Attorney Michael Sullivan said the 11 accused weren’t computer geniuses, just opportunists who used a technique called “wardriving”. This involved cruising through areas with a laptop and looking for accessible wireless Internet signals.
Once they located a vulnerable network, they installed sniffer programs that
captured credit and debit card numbers as they moved through a retailer’s
processing networks.
The US Justice Department says the defendants made “tens of millions” of dollars from their scheme, and had used the stolen data to make cards that withdrew “tens of thousands of dollars at a time” from automated teller machines.
Complicating the case, the alleged ringleader, Albert Gonzalez of Miami, was said to have been working as an informant for the Secret Service. His indictment states that during the course of his “cooperation,” he obtained sensitive information that he used “to warn off conspirators and ensure that they would not be identified and arrested.”
Another suspect, Maxym Yastremskiy, a Ukrainian who has been arrested in Turkey, is accused of creating a Web site to sell the stolen account information to buyers around the world. It wasn’t known last night if any Australian buyers were involved.