11 Indicted In Largest ID Theft Case Ever

DOJ Charges International Hackers Who Allegedly Stole 40 Million Credit Card Numbers

(CBS/AP)  The Department of Justice announced Tuesday that it had charged 11 people in connection with the hacking of nine major U.S. retailers and the theft and sale of more than 40 million credit and debit card numbers.

It is believed to be the largest hacking and identity theft case ever prosecuted by the Department of Justice. The charges include conspiracy, computer intrusion, fraud and identity theft. Three of the defendants are U.S. citizens, while the others are from places such as Estonia, Ukraine, Belarus and China.

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," said Attorney General Michael Mukasey. "It highlights the efforts of the Justice Department to fight this pernicious crime and shows that, with the cooperation of our law enforcement partners around the world, we can identify, charge and apprehend even the most sophisticated international computer hackers."

The indictment returned Tuesday by a federal grand jury in Boston alleges that the people charged hacked into the wireless computer networks of retailers including TJX Cos, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

"While technology has made our lives much easier it has also created new vulnerabilities," U.S. Attorney Michael J. Sullivan said in a statement. "This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results."

The indictment alleges that the hackers installed programs to capture card numbers, passwords and account information, and then concealed the data in computer servers that they controlled in the U.S. and Eastern Europe.

"They used sophisticated computer hacking techniques, breaching security systems and installing programs that gathered enormous quantities of personal financial data, which they then allegedly sold to others or used themselves," Mukasey said. "And in total, they caused widespread loses by banks, retailers, and consumers."

The heist was a black eye for retailers like TJX. The company, which initially disclosed the data breach in January 2007, said a few months later that at least 45.7 million cards were exposed to possible fraud in a breach of its computer systems that began in July 2005. Court filings by some banks that sued TJX put the number of cards affected at more than 100 million, based on estimates by officials with Visa and MasterCard, who were deposed in the suit.

In May, TJX said it won support from Mastercard-issuing banks for a settlement that will pay them as much as $24 million to cover costs from the data breach. A similar agreement reached last November with Visa-card issuing banks also was overwhelmingly approved. That agreement set aside as much as $40.9 million to help banks cover costs including replacing customers payment cards and covering fraudulent charges.

Under the indictments unsealed Tuesday, three of the defendants are U.S. citizens, one is from Estonia, three are from Ukraine, two are from China and one is from Belarus. One individual is only known by an alias online, and his place of origin is unknown.

In the Boston indictment, Albert "Segvec" Gonzales of Miami, who is accused of leading the scheme, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy. He faces a maximum penalty of life in prison if he is convicted of all the charges.

Gonzalez was previously arrested by the Secret Service in 2003 for access device fraud. During the course of this investigation, the Secret Service discovered that Gonzalez, who was working as a confidential informant for the agency, was criminally involved in the case. Because of the size and scope of his criminal activity, Gonzalez faces a maximum penalty of life in prison if he is convicted of all the charges alleged in the Boston indictment.

Indictments were unsealed Tuesday in San Diego against Maksym "Maksik" Yastremskiy of Kharkov, Ukraine, and Aleksandr "Jonny Hell" Suvorov of Sillamae, Estonia. The indictments charge them with crimes related to the sale of the stolen credit card data.

In May 2008, Gonzalez, Suvorov and Yastremskiy also were charged in a related indictment in the Eastern District of New York. The New York charges allege that the trio was engaged in a sophisticated scheme to hack into computer networks run by the Dave & Buster’s restaurant chain, and stole credit and debit card numbers from at least 11 locations.

Furthermore, indictments against Hung-Ming Chiu and Zhi Zhi Wang, both of China, and a person known only by the online nickname "Delpiero" were also unsealed in San Diego.

---

To find out how this might have happened and how intrusions might be prevented in businesses and home, Larry Magid interviews David Perry, education director of TrendMicro and David Emm, a researcher at Kaspersky Lab.

---

"Computer hacking and identity theft pose serious risks to our commercial, personal and financial security," said U.S. Attorney for the Eastern District of New York Benton J. Campbell. "Hackers who reach into our country from abroad will find no refuge from the reach of U.S. criminal justice."

[shanev137]

I''m glad I have never shopped at any of those stores and never will.

[jsklinemn]

I get a kick out of some readers here. You can tell how liberally biased they are and more importantly how ignorant they are by reading the story; and subsequently associating the whole story to something that President Bush did!

Come on people. Get a grip. Join life out there. Life does not revolved at the turn of Mr. Bush.

Gheesh...

[culturechang]

I am surprised this simple theft case got DOJ priority. There have to be some massage parlors still out there operating to raid under prostitution laws. Regulating your morality is much more fun than fighting the obvious victim-involved crimes.

[jediservant]

Does anyone notice the same thing I have noticed? Several of the people indicted in this raid have already been charged with previous crimes. But due to the soft judicial system they are released to commit more crime.

When are the American people going to say %u201Cenough is enough%u201D and get rid of these liberal judges?

[impeach__w]

Gonzalez was previously arrested by the Secret Service in 2003 for access device fraud. During the course of this investigation, the Secret Service discovered that Gonzalez, who was working as a confidential informant for the agency, was criminally involved in the case

[jetlizhan]

wonderful news! keep the sorry b@st@rds behind bars for the rest of their miserable lives.

[kittykatty2]

who did they sell the information to? i would like to see their sorry behinds in prison forever more too.

[shortestfuse]

When are the American people going to say %u201Cenough is enough%u201D and get rid of these liberal judges?

Posted by JediServant

As soon as the Democrats allow up/down votes on the judicial appointments that they have been stonewalling.

[renceward-2009]

We just don''t treat data crimes seriously enough. We are becoming an information society - data is becoming as vital as water and electricity and other core infrastructure. A person who tampers with the water supply or electrical transmission system would be treated vary harshly. But a folks who disrupt our information systems are routinely given a slap on the wrist.

[hypnotoad72]

We just don''''t treat data crimes seriously enough. We are becoming an information society - data is becoming as vital as water and electricity and other core infrastructure. A person who tampers with the water supply or electrical transmission system would be treated vary harshly. But a folks who disrupt our information systems are routinely given a slap on the wrist.

Posted by Renceward
--------------

We''re also a deregulating society. Nice ideas of yours, but they won''t work.

[walt1944-2009]

Instead of "Bagdad John McBush (SURRRRRGE, DRRRILLL)" McCain and Obama beating up on each other, how about them addressing some real issues, like: What would you do about IDENTITY THEFT!!!

I haven''t heard one peep out of either candidate about it, though I would think Obama would try to do something about it. McCain is absolutely "clueless" on the matter and would need Joe Libermann to explain what that is to him!

Besides, the old buzzard is so rich anyway, he could care less if any of the "underprivileged''s" identities were stolen. We all look the same to him!

SIG HEIL, BUSH!!!!!
sig heil, ABSOLUTELY MORE OF THE SAME, "SURRRRRGE" McCain!!!!

[bobnjersey]

["While technology has made our lives much easier it has also created new vulnerabilities," U.S. Attorney Michael J. Sullivan said in a statement. "This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results." ]

technology will be the death of us all in the end.

[bobnjersey]

[The heist was a black eye for retailers like TJX. The company, which initially disclosed the data breach in January 2007, said a few months later that at least 45.7 million cards were exposed to possible fraud in a breach of its computer systems that began in July 2005. Court filings by some banks that sued TJX put the number of cards affected at more than 100 million, based on estimates by officials with Visa and MasterCard, who were deposed in the suit. ]

why is TJX storing peoples credit card numbers on their computers? and why weren''t they encrypted as they were stored?

this should be illegal ... punishable by a $1 million dollar fine for each instance ... and the one whose info you were storing gets the money.

[andrew_693]

When are the American people going to say %u201Cenough is enough%u201D and get rid of these liberal judges?

Posted by JediServant


are you talking about that mississippi governor that is going to pardon a stalker that murdered his ex wife? you are so dumb you didn''t even know about that one. You think conservatives stand for justice? those are bigger sell outs.

[martin9p2]

40 million numbers works out to about 3.6 million felony charges for each of 11 defendants. If the judge goes lightly on these scumbags but still imposes consecutive 1-day sentences, that''s 9,962 years each. I bet they get about 3 years with probabtion. What do you predict?

[longtree-2009]

Too bad they won''t be executed, here and abroad. The Middle East would probably execute them. Isn''t everyone tired of these ID theft criminals?

[wineberry]

If I''m ever able to financially, I''m going to rid myself of every credit card I own and go with just cash, checks and money orders. Identity theft is an ongoing problem that isn''t going to go away. Also, the interest rates on credit cards is already enough to eat you alive, so even though it might make buying things a little rough sometimes, I think cash, checks or money orders is better. I may keep one credit card for gas, but that''s about it.

[patriot12436]

wineberry
You are right and i did this a few years back. I like to pay cash for everything now and keep one credit card for emergencies like car rental. I am much happier beingout of debt.

[patriot12436]

I think we need to make the punishment fit the crime. For these crimes full restitution should be mandatory before they are released back into society.

[patriot12436]

culturechang
You should research a topic before commenting. Prostitution is legal in Nevad and regularted by the state. The state receives a good portion of revenue in taxes from the business. Not one girl has been attacked while working in a brothel and not one girl or customer has gotten a disease fom a brothel. hese are good points about the business.

[simplemind2]

11 ID thieves all deserve the death penalty.

[vnveteran72]

Shoot,.....Maybe my girlfreind WAS telling the truth about not running up all those bills on my credit cards before I kicked her azz out.....Oh well, I was gettin'' tired of her anyway.....I''m sure I''ll have no problem finding another Smokin'' Hot Nymphomaniac Multimillionaire Physician with a Law Degree and 6 Kinky Super Model Friends.........somebody please shoot me now........
............

[swwils]

It is about time that they have started busting these f,come on down and rip everyone off.rauds for who they are and what they have been doing.Ruining innocent people and their credit along with everything else that can be done with another persons I.D.I miss the early 70''s nobody at least that I ever heard of did this stuff.Today it is "The price is Right",come on down and rip all Americans off Uncle Sam don''t give a squat!

[stn_sage]

My comments are as follows:

1. EXCELLENT! It would have been better if they hadn''t gotten into these systems, but at least they''ve been caught!

2. I suggest they receive LIFE at HARD LABOR breaking rocks! Or, the death penalty! Either, would suffice!
They certainly deserve it!

3. The government MUST see that all the accounts they screwed up are corrected.

[tootall10142]

These people probably could have had a job working the cia or the fbi if they had known thier knowledge to spy and hack these many computers at one time .Now we have to lock up a otherwise what could have been a asset.i dont have much sympathy for people whose lives are ran by the credit limits on thier credit cards. although this is a heinous crime.be not a lender or borrower.people who live beyond thier income deserve to be put in check but not this way.

[bthrasher102]

getoffmine, If you could read you would see that the hackers installed software that captures the information as the transaction is processed. It is not taking the information from a file on the stores computer. If you''re going to be that paranoid, go live in a cave.

[850Rick]

Their punishment should be that they have to personally call ever person they stole information from and apologize to them. This should take the rest of their lives.

[850Rick]

Their punishment should be that they have to personally call ever person they stole information from and apologize to them. This should take the rest of their lives.

[padvocate]

why is there no justice in the mary mccray,id theift,that hopewell,va police and commonwealth attorney''s office refused,to even look at the paper trail,at the age of 81 years old,and a medical condition:alzhimers, 1998-present the Grant and Anderson scam,over $200.000.00 in 27 fraud accounts open in mary"s name,they also filed bankurpty in 2005 after they expolited the accounts,home improvement loans august 7,1998 $42.000.00 & $17.000.00 not one dollarm went into ,mary mccray home,which was in bad need of homen updates!!!August 2007,Gwendolyn&Isiah Grant and Kevin & Kathrine Anderson,cashed out 2 life insurance policy,one that was in her oldest son,willie mccray,ex NFL,49er.We reported this crime to local,and state and federal law enforcement,Judge Shrett, of emporia,va has totally disregarded,Mary.s,Doctor statement that she was and is incapated,and would not have been able to open any such accounts,this is Explotation and these minister need to be held accotable for thses crimes and fraud!!!!

[padvocate]

Why is so hard for blacks that have been victims of fraud be handle the same as when a white 81 year old widow,who has been expolited and abused by family,a crime is a crime,thats what i belived until ,We were miss lead by local Hopewell,va,Chesterfield countyas well

[omega39-2009]

This is a result of companies putting their bottom line before your private information. These companies are laying off seasoned IT professionals and bringing in temporary workers or worse yet offshoring their IT entirely. They refuse to spend money on newer systems and softwares that plug the vulnerabilities. In short, shoddy, cheap and lazy business practices.

[lochlan-2009]

"11 people in connection with the hacking of nine major U.S. retailers and the theft and sale of more than 40 million credit and debit card numbers."

11 people? Why didn''t they just keep the operation going, and every time they sold a stolen credit card to someone they could go and arrest him? We''d be getting the buyers in prison also.

[lochlan-2009]

"11 people in connection with the hacking of nine major U.S. retailers and the theft and sale of more than 40 million credit and debit card numbers."

11 people? Why didn''t they just keep the operation going, and every time they sold a stolen credit card to someone they could go and arrest him? We''d be getting the buyers in prison also.

[buttonjockey]

"And in total, they caused widespread loses by banks, retailers, and consumers."

Loses? Can CBS News get a spell checker here? Hint: LOSSES.

Here''s the best line of the article: "Hackers who reach into our country from abroad will find no refuge from the reach of U.S. criminal justice."

Straight out of a comic book! LOLLLL!!!

[bobnjersey]

[When are the American people going to say %u201Cenough is enough%u201D and get rid of these liberal judges?]
[Posted by JediServant at 04:20 PM : Aug 05, 2008]

when are you people going to stop parroting the talking points and think for yourself?

but this does make you a good jedi servant ... doing and thinking in ways that others have defined for you.

[xmanborg]

40 Million credit card numbers.

Thats called LETS GO SHOPPING.

[nothappyatall]

Here is the real questions. Why do these businesses keep someone''''s name and credit card numbers on file after the transaction is completed? I know i would not want my information sitting in a company data base that all kinds of people have access to.
They need to write a law demanding businesses stop this practice.

Posted by getoffmine

Because customers LIKE the convienience of not having to enter all their billing, card and shipping info for repeat or automatic subscription purchases aka amazon.com, ups shipping etc

[nothappyatall]

I dont see how theycan get anything anyway, eveytime I use amazon or others and the billing/shipping address is not EXACTLY matching the one on record with the card, it''s not accepted.

If I enter pob987 instead of POB 987, it''s not accepted- to the computer those dont match.

As long as the rule is, shipments of goods MUST go to the exact card billing address then what''s the problem?

[nothappyatall]

And another thing, most cards exclude holders from liability for lost/stolen/misuse, some might bill $50 if not reported when discovered, WAMU has a $0 liability for fraud, loss, stolen numbers/cards, so if your card # is stolen WAMU customers don''t pay a cent, so who cares?

[tattersall57]

a few weeks ago there were charges to a hotel in Moscow in the amount of $32,000 on one of my credit cards...these charges were made over a 3 day period...had a hard time convincing the card company that they were not mine....I shop at BJ''s...I wonder if that is where my card number was stolen....I was always in possession of my card....hope they hang these guys...they destroy people''s lives by stealing their credit and identity...

[tattersall57]

a few weeks ago there were charges to a hotel in Moscow in the amount of $32,000 on one of my credit cards...these charges were made over a 3 day period...had a hard time convincing the card company that they were not mine....I shop at BJ''s...I wonder if that is where my card number was stolen....I was always in possession of my card....hope they hang these guys...they destroy people''s lives by stealing their credit and identity...

[tattersall57]

a few weeks ago there were charges to a hotel in Moscow in the amount of $32,000 on one of my credit cards...these charges were made over a 3 day period...had a hard time convincing the card company that they were not mine....I shop at BJ''s...I wonder if that is where my card number was stolen....I was always in possession of my card....hope they hang these guys...they destroy people''s lives by stealing their credit and identity...