(CNN) -- Eleven people were indicted Tuesday for allegedly stealing more than 40 million credit and debit card numbers, federal authorities said.
The indictments, which alleged that at least nine major U.S. retailers were hacked, were unsealed Tuesday in Boston, Massachusetts, and San Diego, California, prosecutors said.
It is believed to be the largest hacking case that the Justice Department has ever tried to prosecute.
Three of the defendants are from the United States; three are from Estonia; three are from Ukraine, two are from China and one is from Belarus.
The remaining individual is known only by an alias and authorities do not know where that person is.
Under the indictments, three Miami, Florida, men -- Albert "Segvec" Gonzalez, Christopher Scott and Damon Patrick Toey -- are accused of hacking into the wireless computer networks of retailers including TJX Companies, whose stores include Marshall's and T.J. Maxx, BJ's Wholesale Club, OfficeMax, Barnes and Noble and Sports Authority, among others.
The three men installed "sniffer" programs designed to capture credit card numbers, passwords and account information as they moved through the retailers' card processing networks, said Michael Sullivan, the U.S. attorney in Boston.
"This has other personal numbers that could give them access to credit or debit cards that have already been issued and are active," Sullivan told CNN.
The probe began in late 2006, Sullivan said. In addition to the Justice Department, the Secret Service has been conducting an undercover investigation for more than three years through the U.S. attorney's office in San Diego, he said.
The three then concealed the data in encrypted computer servers they controlled in the United States and eastern Europe, the Justice Department said.
Some credit and debit card numbers were sold on the Internet, and were "cashed out" by encoding the numbers on the magnetic strips of blank cards. "The defendants then used these cards to withdraw tens of thousands of dollars at a time from ATMs," authorities said.
Gonzalez and the others used anonymous Internet-based currencies to conceal and launder their proceeds, as well as channeling funds through bank accounts in Eastern Europe, the department said.
"There are ties between all three districts and ties internationally that go all the way to the Ukraine and Latvia," Sullivan said. "The 41 million credit and debit numbers were used internationally."
Gonzalez was previously arrested in 2003 by the Secret Service on suspicion of access device fraud, the Department of Justice said, and was working as a confidential informant for the agency. However, the Secret Service discovered during the investigation that Gonzalez was involved in this case, authorities said.
The California indictment charged eight others with operating an international stolen credit and debit card distribution ring, selling stolen card information for personal gain -- millions of dollars, in at least one case, authorities said.
Three of the defendants in the most recent case, among them Gonzalez, were also charged in May in a related indictment in New York, Justice said. Those charges allege the three were engaged in a scheme to hack into computer networks run by the Dave & Buster's restaurant chain and steal credit and debit card numbers from at least 11 locations.
The three installed "sniffer" programs at the cash register terminals of the locations, capturing credit and debit card numbers, authorities said. At one location, the sniffer captured data for some 5,000 cards, causing some $600,000 in losses to the banks that issued the credit and debit cards.
No comments:
Post a Comment