by: Tom Corelis
Hacking ring that made off with more than 40 million credit card numbers caught
A hacking ring found swiping more than 40 million credit and debit card numbers was caught Wednesday, in a stroke of good fortune that the U.S. Department of Justice is calling their largest hacking break ever.
The unnamed hacking ring’s resume is as impressive as it is devastating, with its 11 members accused of stealing card numbers from a wide variety of US retail stores, including OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, Marshalls, and T.J. Maxx.
The group appears to be responsible for the massive data breach that began in 2005 against clothing retailers T.J. Maxx and Marshalls, as well as other stores owned by parent company TJX, that ended up costing close to $200 million in damages.
Group members, only three of which are U.S. citizens, will appear before a Boston court facing a wide variety of charges, including conspiracy, computer intrusion, fraud, and identity theft.
Despite the Justice Department’s boasting, reports have described the security community’s response as muted, with researchers unimpressed by the groups’ reportedly simple tactics – which consisted, mainly, of wardriving for networks with open wireless access points and security vulnerabilities, and exploiting those holes to install a packet sniffer that spies on transactions as they occur.
“It’s not rocket science,” says Department of Defense cybercrime investigator Jim Christy.
The issue of identity theft is so big, say researchers, that the group’s arrest is unlikely to make a dent in the overall “carding” scene. The size of their theft also likely contributed to the group’s capture, as attempting to offload 41 million card numbers is a considerably larger transaction – and a far more noticeable one – than typical trades, where quantities are usually in the thousands.
“It’s almost an embarrassment of riches – how do you move 41 million credit card numbers?” says Black Hat and DefCon hacker conference founder Jeff Moss. “That’s like trying to rob Fort Knox by yourself.”
Reports indicate that the group’s ringleader, Miami-based Albert Gonzalez, was formerly an informant for the U.S. Secret Service. The group’s other members hail from a “hodgepodge” of countries, including Estonia, Belarus, Ukraine, and China. Their composition is viewed as snapshot of the larger carding community, much of which consists of groups from Eastern Europe.
