Wednesday, August 19, 2009

Good Chance Your Credit Card Data Was Stolen: Feds Bust Biggest Identity Theft Ring

By DEVLIN BARRETT, AP  posted on http://www.walletpop.com

WASHINGTON (Aug. 17) — Federal prosecutors on Monday charged a Miami man with the largest case of credit and debit card data theft ever in the United States, accusing the one-time government informant of swiping 130 million accounts on top of 40 million he stole previously.

On Aug. 17, federal investigators announced what is said to be the largest identity theft ring in U.S. history.   Thieves targeted more than 130 million credit and debit card numbers used at 7-Eleven stores, supermarket chain Hannaford Brothers and those processed by Heartland Payment Systems.   Heartland coincidentally, suffered another major breach just last year.

Gonzalez is a former informant for the U.S. Secret Service who helped the agency hunt hackers, authorities say. The agency later found out that he had also been working with criminals and feeding them information on ongoing investigations, even warning off at least one individual, according to authorities.

Gonzalez, who is already in jail awaiting trial in a hacking case, was indicted Monday in New Jersey and charged with conspiring with two other unnamed suspects to steal the private information. Prosecutors say the goal was to sell the stolen data to others.

Albert Gonzalez, 28, broke his own record for identity theft by hacking into retail networks, according to prosecutors, though they say his illicit computer exploits ended when he went to jail on charges stemming from an earlier case.

Gonzalez is a former informant for the U.S. Secret Service who helped the agency hunt hackers, authorities say. The agency later found out that he had also been working with criminals and feeding them information on ongoing investigations, even warning off at least one individual, according to authorities.

Gonzalez, who is already in jail awaiting trial in a hacking case, was indicted Monday in New Jersey and charged with conspiring with two other unnamed suspects to steal the private information.  Prosecutors say the goal was to sell the stolen data to others.  How much of the data was sold and then used to make fraudulent charges is unclear.

Investigators in such cases say it is usually impossible to quantify the impact of such thefts on account holders.

Prosecutors say Gonzalez, who is known online as "soupnazi," targeted customers of convenience store giant 7-Eleven Inc. and supermarket chain Hannaford Brothers, Co. Inc.   He also targeted Heartland Payment Systems, a New Jersey-based card payment processor.

According to the indictment, Gonazalez and his two Russian co-conspirators would hack into corporate computer networks and secretly place "malware," or malicious software, that would allow them backdoor access to the networks later to steal data.

Gonzalez faces up to 20 years in prison if convicted of the new charges.   His lawyer did not immediately return a call for comment.

Gonzalez is awaiting trial next month in New York for allegedly helping hack the computer network of the national restaurant chain Dave and Buster's.

The Justice Department said the new case represents the largest alleged credit and debit card data breach ever charged in the United States, based on a scheme that began in October 2006.

Gonzalez allegedly devised a sophisticated attack to penetrate the computer networks, steal the card data, and send that data to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.

Also last year, the Justice Department announced additional charges against Gonzalez and others for hacking retail companies' computers for the theft of approximately 40 million credit cards.  At the time, that was believed to be the biggest single case of hacking private computer networks to steal credit card data, puncturing the electronic defenses of retailers including T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.

Prosecutors charge Gonzalez was the ringleader of the hackers in that case.

At the time of those charges, officials said the alleged thieves weren't computer geniuses, just opportunists who used a technique called "wardriving," which involved cruising through different areas with a laptop computer and looking for accessible wireless Internet signals.   Once they located a vulnerable network, they installed so-called "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing networks.

Gonzalez faces a possible life sentence if convicted in that case.

Restaurants are among the most common targets for hackers, experts said, because they often fail to update their antivirus software and other computer security systems.

Scott Christie, a former federal prosecutor now in private practice in New Jersey, said the case shows that despite the best efforts by companies to protect data privacy, there are still individuals capable of sneaking in.

"Cases like this do cause companies to sit up and take notice that this is a problem and more needs to be done," said Christie.

Copyright 2009 The Associated Press. 2009-08-17

Good Chance Your Credit Card Data Was Stolen

Federal prosecutors on Monday charged a Miami man with the largest case of credit and debit card data theft ever in the United States, accusing the one-time government informant of swiping 130 million accounts on top of 40 million he stole previously.   So, do the math. There are 307 million people in the U.S. at the moment. 170 million credit cards were stolen. This is from big chains like TJ-Maxx, 7-Eleven and others.   Here is the article that has been all over the news today: 
http://www.sunbeltchannelnews.com/NSE0N9/090819-Identity-Theft-Ring

What do I need to know as a consumer?

Q: how can I tell my information has been compromised?

A: Almost every state has a law, making companies that suffer a data breach notify you if your personal data may have been breached.   In the mean time, you should monitor you bank and credit-card accounts and report any unusual activity to that financial institution.

Q: How do I protect myself?

A: To begin with, get copies of your credit report to make sure the data is accurate. Under federal law, you are entitled to one free copy of you reports each year from each of the three credit reporting bureaus.   You can also ask them that a fraud alert be put on your file.   Next you ask for a credit freeze on your account to help prevent further fraud and identity theft.

Second, It would be very wise to spend five to 10 minutes a day looking online at bank and credit-card accounts to make sure that every transaction you see is legit.   You can call your bank and ask for a new credit card.   This is done a lot when people lose their wallet.   Having a new card will get you a new number for that same account and does not count against you.

Third, you do not want to have your (new) credit card number leave your PC without permission.   

Advertisement:  "You need a firewall that checks OUTGOING data from your browser.    The Windows firewall does not do this! The Sunbelt Personal Firewall does. To help families protect their credit ratings, we offer the Sunbelt Personal Firewall unlimited home site license for 50% off.

Now you can protect ALL the PCs in your home for $19.95 instead of $39.95.   Click here and the coupon for this special offer will already be applied to your cart. The offer is valid until the end of this month. Live in the UK? You get a 50% discount too!  h
ttp://www.sunbeltchannelnews.com/NSE0N9/090819-SPF-Offer"

Q: What is my liability if someone steals my card data?

A: With your credit card, you are generally liable for no more than $50 in unauthorized usage under federal law; many cards have "zero liability" protections for unauthorized activity.   Meaning it will not cost you a dime, except for a lot of time and hassle.

With a debit card though, they can empty your account in minutes!   Your liability can vary for each institution; this depends on how soon you report any loss and whether you used your signature.   A growing number of banks and companies including Visa Inc. and MasterCard Inc. offer zero-liability programs, although this protection generally covers your signature-based purchases.  
In other words,
hackers with a stolen debit card number really can empty your bank account.

Discuss this week's SunbeltSecurityNews Editor's Dossier here:
http://www.sunbeltchannelnews.com/NSE0N9/090819-Forum-Discussion

No comments:

Post a Comment

Please, avoid posting advertisements. Content comments are welcomed, including anonymous. Posts with profanity will not be published.