Hacker indicted over "largest ever case of identity theft"
By Stuart Turton
Posted on 18 Aug 2009 at 08:28
A US hacker has been accused of the largest identify theft in history, after stealing the details of 130 million credit cards.
The sophisticated scam saw 28-year old Albert Gonzalez and two unnamed Russian conspirators hack into the payments systems of a number of large retail chains, including TJ Maxx and the 7-Eleven chain, to steal credit card information which they then tried to sell on the internet.
Alongside retail chains, investigators claim Gonzalez also targeted other large corporations on the Fortune 500 list, federal buildings and the US attorney's office in New Jersey.
Once a target was identified the men would visit the stores to see what kind of checkout and payments systems were being used. According to a 14-page report outlining the scheme, they then used an SQL injection attack to steal data which was stored on computers criss-crossing the US and Eastern Europe.
Other attacks involved the installation of backdoors and sniffers onto target computers to intercept and relay data as it was entered into the system.
Gonzalez, who once worked for the secret service, faces up to 20 years in jail, with an additional five years if found guilty of a secondary charge of conspiracy. The two charges also come with a maximum fine of $250,000. Gonzalez is already been held in a New York jail, where he is awaiting trial for stealing the credit identities of about 40 million people worldwide.
Experts have suggested the fallout from the trail may not be limited to the US: "Online crime is fully international. When credit card numbers get stolen from US websites, UK cardholders are among the victims. However the UK has primitive laws and consumer protection compared with the USA," notes Professor Ross Anderson of Cambridge University.
From around the web
"Gonzalez is already been* held in a New York jail"
*Being
By iwilson on 18 Aug 2009 
Err ? Share 24 songs and get fined $1.92 million. Steal 130 million credit card details and get fined £250,000.
By cds105i on 18 Aug 2009
If this was in the UK, we'd shortly be reading that the poor lad suffered from some medical "syndrome" and wasn't really reponsible for his actions ;-)
By rjp2000 on 18 Aug 2009
@cds105i
It's a very screwed-up world we live in. Common sense just doesn't exist anymore. The culture of suing to the nth degree is what life is all about now.
I'm still amazed that it's possible to hack into some systems, as easy as these guys make it appear.
What amazes me even more, is that these companies probably don't give security a second thought when storing peoples details.
The mind boggles.
By lemonlainey on 18 Aug 2009
What did they do with this data? Did they rob people's accounts and if so - how much money did they take? Being fined $250k may seem like nothing but they also face 20 years in jail - that may give some people justice - but if they took money then this should also be returned.
By nicomo on 20 Aug 2009
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
