The MasterBlog: Bloomberg Printer-Friendly Page
Subscribe to The MasterBlog in a Reader Subscribe to The MasterBlog by Email

MasterBlogs Headlines

Wednesday, August 19, 2009

Bloomberg Printer-Friendly Page

Bloomberg Printer-Friendly Page: "Theft of 130 Million Credit Cards Tied to Miami Man
By David Voreacos

Aug. 18 (Bloomberg) -- A Miami man and two unidentified computer hackers were charged with stealing 130 million credit and debit card numbers in what the Justice Department said was the largest such prosecution in U.S. history.

Albert Gonzalez, a 28-year-old Miami resident, and two hackers living “in or near Russia” were indicted yesterday by a federal grand jury in Newark, New Jersey, for stealing data from Heartland Payment Systems Inc., 7-Eleven Inc., Delhaize Group’s Hannaford Brothers Co. and two unidentified national retailers.

The hackers stole 130 million card numbers from Heartland, a bank-card payment processor, starting in December 2007, by using malicious computer software, according to the 14-page indictment. An undetermined number of card numbers were stolen from 7-Eleven and 4.2 million from Hannaford, a regional supermarket chain, according to the indictment.

“This investigation marks the continued success of law enforcement in tracking down cutting edge hacking schemes committed by hackers working together across the globe,” acting U.S. Attorney Ralph Marra said in a statement.

Gonzalez, who is in federal custody in Brooklyn, New York, was indicted last year by federal grand juries in Massachusetts and New York for data breaches at companies. He was a federal informant after his arrest in New Jersey by the U.S. Secret Service in 2003 in a case involving hackers known as the Shadowcrew, the U.S. Attorney’s Office in Boston said in a statement after indicting him on Aug. 5, 2008.

Confidential Informant

“During the course of this investigation, the Secret Service discovered that Gonzalez, who was working as a confidential informant for the agency, was criminally involved in the case,” the statement said. It said he faces life in prison on last year’s charges of theft of credit and debit card numbers because of the “size and scope of his criminal activity.”

Gonzalez and the two hackers were charged in Newark yesterday with two counts of conspiracy in a scheme to sell data they stole using computers in New Jersey, California, Illinois, Latvia, Ukraine and the Netherlands, according to the indictment. He faces up to 35 years in prison in the new case.

“The scope is massive,” Assistant U.S. Attorney Erez Liebermann said yesterday in an interview.

Gonzalez’s involvement shows “he had the ability to put together teams of hackers who were able to carry out these data breaches and steal massive amounts of data in the forms of credit and debit card numbers,” Liebermann said.

‘Worked Very, Very Hard’

“This guy worked very, very hard at something he was very good at,” the prosecutor said. “He found the right people to successfully accomplish his objective, which was to identify victim corporations and steal credit and debit card numbers.”

An attorney for Gonzalez, Rene Palomino Jr. in Miami, didn’t immediately return calls seeking comment.

Dallas-based 7-Eleven said today in a statement it first learned of the security breach in late 2007. The breach was confined to customers’ use of third-party automated teller machines in its stores during a 12-day period that started on Oct. 28, 2007, 7-Eleven said.

“Steps were immediately taken to contain the security breach and prevent any recurrence,” 7-Eleven said. The card- issuing financial institutions also received notice of the incursion and each made its own decision about what steps to take next, the convenience-store operator said.

Shadowcrew Arrests

In the Shadowcrew case, the U.S. Secret Service arrested 21 people in the U.S. in October 2004 for their role in one of the largest online centers for trafficking in stolen credit and bank card numbers. Gonzalez wasn’t indicted in that case.

Federal prosecutors in Boston charged Gonzalez and others with stealing credit and debit card numbers from companies including TJX Cos., BJ’s Wholesale Club Inc., OfficeMax Inc., Barnes & Noble Inc. and Sports Authority Inc.

Prosecutors in the Eastern District of New York charged Gonzalez and others with stealing credit and debit card numbers from the Dave & Buster’s Inc. restaurant chain.

In the new case, the hackers scouted potential victims by reviewing a list of Fortune 500 companies and then visiting retail stores to identify the payment processing systems and their vulnerabilities, prosecutors said. They used software known as malware and so-called injection strings to attack the computers and steal data, prosecutors said.

‘Sniffer’ Programs

They installed “sniffer” programs to capture data “on a real-time basis” as it moved through the computer networks and used instant messaging services to advise each other on how to navigate the systems, according to the indictment. They also programmed malware to evade detection by anti-virus software and erase files that might detect its presence, prosecutors said.

Heartland, based in Princeton, New Jersey, is used by 175,000 businesses at 250,000 locations. The company said Jan. 20 it found “malicious software” in its processing system that hackers used to steal data in 2008.

“Heartland looks forward to lending whatever support we can to this investigation as well as the broader fight against global cyber criminals,” Chief Executive Officer Robert Carr said yesterday in a statement.

In a Feb. 24 conference call, Carr said the company was the subject of an informal inquiry by the Securities and Exchange Commission, as well as investigations by the Justice Department, the Federal Trade Commission and the Office of the Comptroller of the Currency.

A shareholder sued Heartland directors and officers on July 14 in federal court in Trenton, New Jersey, for alleged breach of fiduciary duty before the cyber attack.

Jason Maloni, a company spokesman, said in a July 16 interview Heartland was cooperating with government investigators. Heartland had “undergone a number of steps to enhance our security and raise the understanding of the growing threat of cyber-criminals among the entire financial sector, including our own competitors,” he said.

Heartland shares rose 28 cents to $10.91 in New York Stock Exchange composite trading.

The case is U.S. v. Gonzalez, U.S. District Court, District of New Jersey (Newark).

To contact the reporter on this story: David Voreacos in Newark, New Jersey, at dvoreacos@bloomberg.net.
Last Updated: August 18, 2009 16:11 EDT"

No comments:

Post a Comment

Commented on The MasterBlog

Tags, Categories

news United States Venezuela Finance Money Latin America Oil Current Affairs Middle East Commodities Capitalism Chavez International Relations Israel Gold Economics NT Democracy China Politics Credit Hedge Funds Banks Europe Metals Asia Palestinians Miscellaneous Stocks Dollar Mining ForEx Corruption obama Iran UK Terrorism Africa Demographics Government UN Living Bailout Military Russia Debt Tech Islam Switzerland Philosophy Judaica Science Housing PDVSA Revolution USA War petroleo Scams articles Fed Education France Canada Security Travel central_banks OPEC Castro Nuclear freedom Colombia EU Energy Mining Stocks Diplomacy bonds India drugs Anti-Semitism populism Arabs Brazil Environment Irak Saudi Arabia elections Art Cuba Food Goldman Sachs Syria Afghanistan Hamas Lebanon Silver Trade copper Anti-Israel Egypt Hizbollah Madoff Ponzi Warren Buffett press Aviation BP Euro FARC Gaza Honduras Japan Music SEC Smuggling humor socialism trading Che Guevara Freddie Mac Geneve IMF Spain Turkey currencies violence wikileaks Agriculture Bolívar ETF Restaurants Satire communism computers derivatives Al-Qaida Bubble FT Greece NY PIIGS Republicans Sarkozy Space Sports BRIC CITGO DRC Flotilla Germany Globovision Google Health Inflation Law Libya Mexico Muslim Brotherhood Nazis Pensions Peru Uranium cnbc crime cyberattack fannieMae pakistan stratfor Apollo 11 Autos BBC Bernanke CIA Chile Climate change Congo Democrats EIA Haiti Holocaust IFTTT ISIS Jordan Labor M+A New York OAS Philanthropy Shell South Africa Tufts Ukraine bitly carbon earthquake facebook racism twitter Atom BHP Beijing Business CERN CVG CapitalMarkets Congress Curaçao ECB EPA ETA Ecuador Entebbe Florida Gulf oil spill Harvard Hezbollah Human Rights ICC Kenya L'Oréal Large Hadron Collider MasterBlog Morocco Nobel Panama Paulson RIO SWF Shiites Stats Sunnis Sweden TARP Tunisia UN Watch Uganda VC Water Yen apple berksire hathaway blogs bush elderly hft iPad journalism mavi marmara nationalization psycology sex spy taxes yuan ALCASA ANC Airbus Amazon Ariel Sharon Australia Batista Bettencourt Big Bang Big Mac Bill Gates Bin Laden Blackstone Blogger Boeing COMEX Capriles Charlie Hebdo Clinton Cocoa DSK Desalination Durban EADS Ecopetrol Elkann Entrepreneur FIAT FTSE Fannie Freddie Funds GE Hayek Helicopters Higgs Boson Hitler Huntsman Ice Cream Intel Izarra KKR Keynes Khodorskovsky Krugman LBO LSE Lex Mac Malawi Maps MasterCharts MasterFeeds MasterLiving MasterMetals MasterTech Microsoft Miliband Monarchy Moon Mossad Mugabe NYSE Namibia Nestle OWS OccupyWallStreet Oman PPP Pemex Perry Philippines Post Office Private Equity Property Putin QE Rio de Janeiro Rwanda Sephardim Shimon Peres Stuxnet TMX Tennis UAV UNHRC VALE Volcker WTC WWII Wimbledon World Bank World Cup ZIRP Zapatero airlines babies citibank culture ethics foreclosures happiness history iPhone infrastructure internet jobs kissinger lahde laptops lawyers leadership lithium markets miami microfinance pharmaceuticals real estate religion startup stock exchanges strippers subprime taliban temasek ubs universities weddimg zerohedge

Subscribe via email

Enter your email address:

Delivered by FeedBurner

AddThis

MasterStats