Biggest ID Theft Bust
Federal indictments unsealed Tuesday in Boston and San Diego against 11 individuals outlined an extraordinary global scheme that siphoned 40 million customer credit and debit card numbers out of the networks of nine major U.S. retailers and placed them – for a price – in the hands of individuals around the world, who in turn used them to make purchases or withdraw cash from ATMs.
Sounds pretty serious.
Chertoff called the indictment a “milestone” in the evolving history of cybersecurity.
“It’s an opportunity, in fact an obligation at this point, for everybody involved in this scenario to take a careful look at the security systems in place,” Chertoff said in the San Jose offices of the U.S. Secret Service, which investigated the case.
I’d have to agree with this. The crime ring incorporated “wardriving” (finding open networks to exploit) and then created an online database to buy and sell credit card numbers, among other things. This cooperative effort was lucrative, too:
At least one of Gonzalez’s co-conspirators enriched himself to the tune of $11 million, according to the indictment. Gonzalez himself allegedly profited by at least $1.7 million and purchased a 2006 BMW, computers, a Glock handgun and a condominium in Florida where he let a co-conspirator stay for free in exchange for help in the scheme, the indictment alleges.
It’s the same old story: Find the weakest link and break it:
The fact that the alleged hacking took place at retail outlets – and not banks, for example – suggested that the suspects were targeting weaker links in the network, Dunkelberger said. In some cases, the indictment said, the network and credit card data were unsecured; in others the suspects were able to crack the encryption.
I’m truly glad that DHS caught the thieves. But here’s the punchline: The ring, and its concomittant crimes, occurred beginning in 2004! Four year later, we find this out?