Tuesday, August 18, 2009

Three Indicted in Largest Hacking and Corporate Identity Theft Case in History

Albert Gonzalez, of Miami, along with two unnamed Russians, stands accused of hacking into Princeton-based Heartland Payment Systems; 7-Eleven Inc., a Texas-based convenience store chain and Hannaford Brothers Company, a Maine-based supermarket chain. The stolen data was sent to computer servers that Gonzalez and his co-conspirators operated in California, Illinois, Latvia, the Netherlands, and Ukraine.
The indictment also mentions two other unidentified corporate victims as being hacked by the co-conspirators.
According to the Justice Department,the "SQL injection attack," technique was used by the suspects this is a sophisticated hacking technique which "seeks to exploit computer networks by finding a way around the network's firewall to steal credit card and debit information."
Gonzalez and the others would seek out Fortune 500 companies and attempt to identify potential vulnerabilities in their computer systems.Asper the two-count indictment alleging conspiracy and conspiracy to engage in wire-fraud, beginning in October 2006,
After reconnaissance of the computer systems was completed, information would be uploaded to servers which served as hacking platforms. Once the information was discovered, it was stolen from the corporate servers and placed onto servers around the world controlled by the suspects.

Upon the alleged theft of the data, Gonzalez, known online as "soupnazi," and his co-conspirators would seek to sell the data to others who would then use it to make fraudulent purchases, unauthorized withdrawals from banks and other identity theft schemes.
As per the law if convicted, Gonzalez could face up to 20 years on a charge of wire-fraud conspiracy and an additional five on the conspiracy charge and fines of up to $250,000 for each charge.
He is currently in federal custody. The whereabouts of the two unidentified suspects, both from Russia, are unknown.
The latest charges are hardly Gonzalez's first brush with the law — in May
and August of 2008, he was indicted on additional charges for a number of hacks into eight major retailers including discount giant TJ Maxx that involved an estimated 40 million credit cards and cost TJ Maxx $200 million and in May 2008, the U.S. Attorney's Office of New York charged him for his alleged role in the hacking of a computer network run by a national restaurant chain.
Heartland Systems announced a suspected breach on January 20, 2009, noting the discovery of "evidence of an intrusion," but denying the compromise of any merchant data, social security numbers, PIN numbers or addresses.
Hacking is also crime in India.As per the Information Technology Act 2000, Sec 66 a fine upto 1 crore and 3 years jail may be awarded.

See, "Three Indicted in Major Hacking Case," Wall St. Journal, August 17, 2009, at http://online.wsj.com/article/SB125053669921337753.html; "U.S. Indicts 3 in Theft of 130 Million Bank Cards," New York Times, August 17, 2009, at http://www.nytimes.com/2009/08/18/technology/18card.html.

No comments:

Post a Comment