DOJ: Credit Card Thefts Helped by 'Well Designed' Software

Currency counter, Glock, offshore banks and global players skated right past IT security.

By Patrick Thibodeau

CONNECTIONS
BJ's Wholesale Club
TJX
DSW Shoe Warehouse
Tue, August 05, 2008Computerworld The intruders whom the U.S. Department of Justice alleges stole tens of millions of credit and debit card numbers were bold, global, skilled and making millions of dollars, according to details in the charging documents.

And despite all the focus on security since the 9/11 terrorist attacks, the people alleged to be behind this network had little difficulty taking data from some nine businesses, all major retailers. They exploited vulnerabilities in networks, servers and databases, making the information they gleaned available worldwide to the underground economy that buys and sells such data.

MORE ON CIO.com
ID Theft Ring Attacked Retailers on Multiple Levels
Why Should Merchants Keep Credit Card Data?
The Man Behind MasterCard's 100 Terabyte Data Warehouse

All of this was detailed by the DOJ, which is charging 11 people in what is certainly one of the largest and most organized credit card theft operations ever. It extends back to 2003 and includes nationals from several countries—a true world-is-flat operation.

The U.S. alleges that the group decrypted PINs, made new cards and got cash from ATMs. They sold credit card data on Web sites that specialize in trading that information, the DOJ said. And, it claims, they operated globally, using offshore banks and other methods to turn stolen data into cash. ICQ instant messaging and e-mail kept everyone in touch.

Millions of dollars were involved, and the charging documents outline proceeds that were transferred in seven-digits amounts such as $3.8 million, $4.9 million, $1.9 million—to list but a few.

There was so much cash involved that among the things federal authorities seized from Albert Gonzalez of Miami, whom the U.S. alleges played a key role in the crime ring, was a currency counting machine. Gonzalez was captured in May; police also confiscated a Glock handgun and nearly $25,000 in cash from him at that time.

The retailers known to have been targeted are BJ's Wholesale Club, TJX, DSW Shoe Warehouse, OfficeMax, Barnes & Noble, Boston Market, Sports Authority and Forever 21.

One means of access of the retailers' networks was through a practice dubbed wardriving—driving around in a car with a Wi-Fi-enabled laptop computer seeking access.

The first details of the methods used in this extensive operation surfaced in May. In an indictment concerning the theft of credit and debit card data from Dave & Buster's Inc., a Dallas-based restaurant chain, the U.S. analyzed the software used to steal the credit card data. That indictment gives the software designer a nod as having created an effective tool.

Loading...
Security MarketSpace
White Papers
5 Tips for Data Loss Prevention Solutions
RSA® The Security Division of EMC has identified 5 key considerations to help organizations simplify the evaluation process for selecting a DLP solution that is right for their business. Learn more »
Secure Training Videos to Prevent Theft
Learn how Dream Force extended their marketing reach without being constricted. Learn more »
Prevent Intellectual Property Theft
Learn what the key components were in Hock International's purchasing decision. Learn more »
Webcasts
Managing Client Systems in the Enterprise
Why Data Loss is Increasing--and What You Can Do About It
Maximizing the Business Value of the PC Infrastructure
Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »
 
SPONSORED LINKS
 

Data Loss Prevention: A Better Way to Approach Security

Software Executives: Take Control of Your Organization's Code Quality

Delivering Secure and Reliable Data through Spreadsheet Automation

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Gartner Shares Predictions for 2009

64-page prescriptive guide to security, compliance, and IT operations.

Stop Application Fraud at the Source with Device Reputation

Ready to Act: 3 Recommendations for Agile Processes

Automating the Generation and Secure Distribution of Excel Reports

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords