Tuesday, August 5, 2008

Big Interernet Security bust

Perhaps the largest Internet heist ever was when TJX got hacked. I wrote about it here, but the Cliff's Notes version is that some Bad Guys broke into the network used by TJX corporation and stole 40 million or so credit card numbers.

At what we know of the current going rate for credit cards, that's $50 - $200 Million on the black market. Not counting the $60M that TJX paid to settle lawsuits on the matter.

So it's big news that a bunch of folks have been arrested for the crime.

Eleven perpetrators allegedly involved in the hacking of nine major U.S. retailers and the theft and sale of more than 40 million credit and debit card numbers have been charged with engineering the largest hacking and identity theft conspiracy ever prosecuted by the Department of Justice.

The case links several high-profile data breaches of the last two years -- including TJX Companies, BJ's Wholesale Club, Barnes & Noble, and Dave & Buster's -- to a single group of conspirators.

What's interesting is the nationalities of the folks involved: US, Ukraine, China, Estonia. Eastern Europe and China are both major centers for black hat activity (as opposed to Black Hat activity, which is in Vegas this week).

Pretty lucrative operation, it seems:
The San Diego charges allege that Yastremskiy, Suvorov, Chiu, Wang, Delpiero, Pavolvich, Burak, and Storchak operated an international stolen credit and debit card distribution ring, with operations from Ukraine, Belarus, Estonia, the People’s Republic of China, the Philippines and Thailand. The indictments allege that each of the defendants sold stolen credit and debit card information for personal gain. The indictment alleges that Yastremskiy received proceeds exceeding $11 million.

1 comment:

  1. Careful reading of the indictments of the TJX data thieves show that the media, card issuers and Federal Trade Commission over-reacted to the TJX incident. The TJX break-in was not as bad as we were led to believe. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.