A federal grand jury returned indictments today on 11 defendants in one of the largest hacking and online theft cases ever. The Department of Justice charged 11 individuals from around the world with stealing 40 million credit and debit card numbers, cracking the networks of nine retailers and stealing an unknown amount of money.
So far as we know, this is the single largest and most complex identity theft case ever charged in this country," said Attorney General Mukasey in a statement. "It highlights the efforts of the Justice Department to fight this pernicious crime and shows that, with the cooperation of our law enforcement partners around the world, we can identify, charge and apprehend even the most sophisticated international computer hackers."The Justice Dept said that three of the defendants are Americans, while one is from Estonia, three are from Ukraine, two are Chinese, and one is from Belarus.
The Boston indictment alleges that during the course of the sophisticated conspiracy, Albert "Segvec" Gonzalez and his co-conspirators obtained the credit and debit card numbers by "wardriving" and hacking into the wireless computer networks of major retailers -- including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Once inside the networks, they installed "sniffer" programs that would capture card numbers, as well as password and account information, as they moved through the retailers' credit and debit processing networks. The indictment alleges that after they collected the data, the conspirators concealed the data in encrypted computer servers that they controlled in Eastern Europe and the United States. They allegedly sold some of the credit and debit card numbers, via the Internet, to other criminals in the United States and Eastern Europe. The stolen numbers were "cashed out" by encoding card numbers on the magnetic strips of blank cards. The defendants then used these cards to withdraw tens of thousands of dollars at a time from ATMs. Gonzalez and others were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe.
Some good stuff here. Gonzalez had previously been arrested for access device fraud and was actually serving as informant for the Secret Service when it was discovered he was running the TJX fraud scheme. He could face life in prison if convicted. Also charged: Maksym "Maksik" Yastremskiy, of Kharkov, Ukraine, and Aleksandr "Jonny Hell" Suvorov, of Sillamae, Estonia. The indictments charge the defendants with conspiracy, possession of unauthorized access devices, trafficking in unauthorized access devices, identity theft, and aiding and abetting. In addition, Hung-Ming Chiu and Zhi Zhi Wang, of the People's Republic of China, and a person known only by the online nickname "Delpiero," face similar charges. Sergey Pavolvich, of Belarus, and Dzmitry Burak and Sergey Storchak, both of Ukraine, were charged with conspiracy to traffic in unauthorized access devices. Yastremskiy, Suvorov, Chiu, Wang, Delpiero, Pavolvich, Burak and Storchak operated an international stolen credit and debit card distribution ring with operations from Ukraine, Belarus, Estonia, China, the Philippines and Thailand, the government charged.