U.S. Indicts Three in Theft of 130 Million Accounts
By David Voreacos
Aug. 17 (Bloomberg) -- A Miami man and two unidentified computer hackers were charged with stealing 130 million credit and debit card numbers in what the Justice Department said was the largest such prosecution in U.S. history.
Albert Gonzalez, a 28-year-old Miami resident, and two hackers living "in or near Russia" were indicted today by a federal grand jury in Newark, New Jersey, for stealing data from Heartland Payment Systems Inc., 7-Eleven Corp., Delhaize Group's Hannaford Brothers Co. and two unidentified national retailers.
The hackers stole 130 million card numbers from Heartland, a bank-card payment processor, starting in December 2007, by using malicious computer software, according to the 14-page indictment. An undetermined number of card numbers were stolen from 7-Eleven and 4.2 million from Hannaford, a regional supermarket chain, according to the indictment.
"This investigation marks the continued success of law enforcement in tracking down cutting edge hacking schemes committed by hackers working together across the globe," acting U.S. Attorney Ralph Marra said in a statement.
Gonzalez and the two hackers were charged with two counts of conspiracy in a scheme to sell data they stole using computers in New Jersey, California, Illinois, Latvia, Ukraine and the Netherlands, according to the indictment.
Gonzalez, who is in federal custody in Brooklyn, New York, was arrested in New Jersey in 2003 for his role in ATM and debit card fraud, Marra said in a statement. He was indicted last year by federal grand juries in Massachusetts and New York for data breaches at companies, according to the statement.
Victims Scouted
The hackers scouted potential victims by reviewing a list of Fortune 500 companies and then visiting retail stores to identify the payment processing systems and their vulnerabilities, prosecutors said. They used malicious software known as malware and so-called injection strings to attack the computers and steal data, prosecutors said.
They installed "sniffer" programs to capture data "on a real-time basis" as it moved through the computer networks, and used instant messaging services to advise each other on how to navigate the systems, according to the indictment. They also programmed malware to evade detection by anti-virus software and erase files that might detect its presence, prosecutors said.
Heartland, based in Princeton, New Jersey, is used by 175,000 businesses at 250,000 locations. The company said Jan. 20 it found "malicious software" in its processing system that hackers used to steal data in 2008.
Government Investigations
In a Feb. 24 conference call, Chief Executive Officer Robert Carr said the company was the subject of an informal inquiry by the Securities and Exchange Commission, as well as investigations by the Justice Department, the Federal Trade Commission and the Office of the Comptroller of the Currency.
Jason Maloni, a Heartland spokesman, didn't immediately return a call seeking comment. A shareholder sued Heartland directors and officers on July 14 in federal court in Trenton, New Jersey, for alleged breach of fiduciary duty before the cyber attack.
In a July 16 interview, Maloni said the company was cooperating with government investigators. He said Heartland had "undergone a number of steps to enhance our security and raise the understanding of the growing threat of cyber-criminals among the entire financial sector, including our own competitors."