TJX hacking ring charged in federal indictment

By SearchSecurity.com Staff 05 Aug 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

This is the single largest and most complex identity theft case ever charged in this country. Michael B. Mukasey Attorney General

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," Attorney General Michael B. Mukasey said in a prepared statement.

Three of the defendants are from the U.S., one is from Estonia, three are from Ukraine, two are from China, and one is from Belarus.

The indictment, returned in Boston, alleges that Albert "Segvec" Gonzales of Miami and others schemed to steal credit and debit card numbers by wardriving and hacking into the wireless networks of stores owned by TJX, BJ's Wholesale Club Inc., OfficeMax Inc., Boston Market Inc., Barnes & Noble Inc., The Sports Authority Inc., Forever 21 Inc., and DSW Inc. The ring allegedly installed sniffers on the retailers' networks to capture card numbers, passwords and account information.

In March of 2007, TJX disclosed that hackers had stolen at least 45.7 million customer credit and debit card data.

Preventing data leakage: Data leakage detection and prevention: While corporate data loss is not a new concern, newer technologies are emerging to help combat the threat. In this tip, Joel Dubin advises how to reduce data leaks. Deploying secure wireless LANs: Wireless networks have taken a beating in the financial world since it was discovered that the massive TJX data breach was enabled by an insecure Wi-Fi network

Prosecutors said the suspects hid the stolen data in encrypted computer servers in the U.S. and Eastern Europe, and sold some of the credit and debit card numbers over the Internet to other criminals. Authorities said the stolen numbers were encoded on the magnetic strips of blank cards, which the defendants used to withdraw tens of thousands of dollars from ATMs.

Gonzales was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy. He faces life in prison if convicted of all the charges.

Indictments unsealed in San Diego charged Maksym Yastremskiy and Aleksandr Suvorov in connection with the sale of the credit card data stolen by Gonzales and others, as well as additional stolen credit card information. In May, Gonzales, Yastremskiy and Suvorov were charged in a related indictment for hacking into computer systems at 11 restaurants owned by Dave & Buster's Holdings Inc., and stealing credit and debit card numbers.

On Tuesday, Yastremskiy and Suvorov were indicted with six others on charges of operating an international ring dealing in stolen credit and debit cards. According to prosecutors, Yastremskiy made more than $11 million from his criminal activity.

Tags: Information Security Laws, Investigations and Ethics,  Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Identity Theft and Data Security Breaches Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Security expert's PCI analysis misguided, says PCI Council GM External attacks start with unintentional mistakes, survey finds

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) FERPA  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary