Tuesday, August 5, 2008

Credit/Debit Hackers of 40 million Cards "Sniffed Out" by DOJ

Eleven Indictments in 40 Million Card TJ Max Data Breach

The US Department of Justice has announced that "eleven perpetrators allegedly involved in the hacking of nine major U.S. retailers and the theft and sale of more than 40 million credit and debit card numbers have been charged with numerous crimes, including conspiracy, computer intrusion, fraud and identity theft.  The scheme is believed to constitute the largest hacking and identity theft case ever prosecuted by the Department of Justice."

Three of the defendants are U.S. citizens, one is from Estonia, three are from Ukraine, two are from the People's Republic of China and one is from Belarus. One individual is only known by an alias online, and his place of origin is unknown.

In an indictment returned on Aug. 5, 2008, by a federal grand jury in Boston, Albert "Segvec" Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy for his role in the scheme. Criminal informations were also released today in Boston on related charges against Christopher Scott and Damon Patrick Toey, both of Miami.

The Boston indictment alleges that during the course of the sophisticated conspiracy, Gonzalez and his co-conspirators obtained the credit and debit card numbers by "wardriving" and hacking into the wireless computer networks of major retailers -- including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

The indictment alleges that after they collected the data, the conspirators concealed the data in encrypted computer servers that they controlled in Eastern Europe and the United States. They allegedly sold some of the credit and debit card numbers, via the Internet, to other criminals in the United States and Eastern Europe. The stolen numbers were "cashed out" by encoding card numbers on the magnetic strips of blank cards. The defendants then used these cards to withdraw tens of thousands of dollars at a time from ATMs. Gonzalez and others were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe.

Once inside the networks, they installed "sniffer" programs that would capture card numbers, as well as password and account information, as they moved through the retailers' credit and debit processing networks.

Gonzalez was previously arrested by the Secret Service in 2003 for access device fraud. During the course of this investigation, the Secret Service discovered that Gonzalez, who was working as a confidential informant for the agency, was criminally involved in the case. Because of the size and scope of his criminal activity, Gonzalez faces a maximum penalty of life in prison if he is convicted of all the charges alleged in the Boston indictment.

Also today, indictments were unsealed in San Diego against scheme participant Maksym "Maksik" Yastremskiy, of Kharkov, Ukraine, and Aleksandr "Jonny Hell" Suvorov, of Sillamae, Estonia. The indictments charge the defendants with crimes related to the sale of the stolen credit card data that Gonzalez and others illegally obtained, as well as additional stolen credit card data. Suvorov is charged with conspiracy to possess unauthorized access devices, possession of unauthorized access devices, trafficking in unauthorized access devices, identity theft, aggravated identity theft, and aiding and abetting. Yastremskiy is charged with trafficking in unauthorized access devices, identity theft, aggravated identity theft and conspiracy to launder monetary instruments. The indictment also contains a forfeiture allegation.

In addition, an indictment against Hung-Ming Chiu and Zhi Zhi Wang, both of the People's Republic of China, and a person known only by the online nickname "Delpiero," was also unsealed in San Diego today. Chiu, Wang and Delpiero are charged with conspiracy to possess unauthorized access devices, trafficking in unauthorized access devices, trafficking in counterfeit access devices, possession of unauthorized access devices, aggravated identity theft, and aiding and abetting. Also in San Diego, Sergey Pavolvich, of Belarus, and Dzmitry Burak and Sergey Storchak, both of Ukraine, were charged in a criminal complaint with conspiracy to traffic in unauthorized access devices. All are believed to be foreign nationals residing outside of the United States.

The San Diego charges allege that Yastremskiy, Suvorov, Chiu, Wang, Delpiero, Pavolvich, Burak and Storchak operated an international stolen credit and debit card distribution ring with operations from Ukraine, Belarus, Estonia, the People's Republic of China, the Philippines and Thailand. The indictments allege that each of the defendants sold stolen credit and debit card information for personal gain. For example, the indictment of Yastremskiy alleges that he received proceeds exceeding $11 million from this criminal activity. These indictments and complaints are the result of a three-year undercover investigation conducted out of the San Diego Field Office of the U.S. Secret Service.

In May 2008, Gonzalez, Suvorov and Yastremskiy also were charged in a related indictment in the Eastern District of New York. The New York charges allege that the trio was engaged in a sophisticated scheme to hack into computer networks run by the Dave & Buster's restaurant chain, and stole credit and debit card numbers from at least 11 locations. Specifically, the indictment alleges that the defendants gained unauthorized access to the cash register terminals and installed at each restaurant a "packet sniffer," a computer code designed to capture communications on a computer network. The packet sniffer was configured to capture credit and debit card numbers as this information was processed by the restaurants. At one restaurant location, the packet sniffer captured data for approximately 5,000 credit and debit cards, eventually causing losses of at least $600,000 to the financial institutions that issued the credit and debit cards.

Gonzalez is currently in pre-trial confinement on the New York charges. Based upon the San Diego charges, Turkish officials apprehended Yastremskiy in July 2007 in Turkey when he traveled there on vacation. He has been in confinement since then in Turkey, pending the resolution of related Turkish charges, and the United States has made a formal request for his extradition. At the request of the Department of Justice, Suvorov was apprehended by the German Federal Police in Frankfurt in March 2008 on the San Diego charges when he traveled there on vacation. He is currently in confinement pending the resolution of extradition proceedings.

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," said Attorney General Mukasey. "It highlights the efforts of the Justice Department to fight this pernicious crime and shows that, with the cooperation of our law enforcement partners around the world, we can identify, charge and apprehend even the most sophisticated international computer hackers."

"While technology has made our lives much easier it has also created new vulnerabilities. This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results. Consumers, companies and governments from around the world must further develop ways to protect our sensitive personal and business information and detect those, whether here or abroad, that conspire to exploit technology for criminal gain," said U.S. Attorney Michael J. Sullivan.

"These prosecutions demonstrate that, through coordinated commitment, the United States Secret Service and the Department of Justice will penetrate and prosecute hacker organizations, wherever based and however sophisticated. The United States Attorney's Office for the Southern District of California is especially gratified that the work of the San Diego field office of the Secret Service contributed to an unprecedented effort to dismantle this international criminal enterprise," said Karen P. Hewitt, U.S. Attorney for the Southern District of California.

"Computer hacking and identity theft pose serious risks to our commercial, personal and financial security," said U.S. Attorney for the Eastern District of New York Benton J. Campbell. "Hackers who reach into our country from abroad will find no refuge from the reach of U.S. criminal justice."

"Technology has forever changed the way commerce is conducted, virtually erasing geographic boundaries," said U.S. Secret Service Director Mark Sullivan. "While these advances and the global nature of cyber crime continue to have a profound impact on our financial crimes investigations, this case demonstrates how combining law enforcement resources throughout the world sends a strong message to criminals that they will be pursued and prosecuted no matter where they reside."

"The Internal Revenue Service Criminal Investigation Division recommends charges in numerous types of financial crimes," said Internal Revenue Service Criminal Investigation (IRS-CI) Chief Eileen Mayer. "Today's indictment is the result of a strong law enforcement partnership that brings together the necessary skills to follow alleged criminal activity from cyberspace to bank accounts. We are committed to the government's efforts to stop this type of corruptive activity."

These cases are being prosecuted by Assistant U.S. Attorney Stephen Heymann of the District of Massachusetts, Assistant U.S. Attorney Orlando Gutierrez of the Southern District of California, Assistant U.S. Attorney Will Campos of the Eastern District of New York, and by Senior Counsel Kimberly Kiefer Peretti, and Trial Attorneys Jenny Ellickson and Evan Williams of the Criminal Division's Computer Crime & Intellectual Property Section. The Criminal Division's Office of International Affairs provided extensive assistance related to extradition matters. All of theses cases are being investigated by the U.S. Secret Service. The IRS-CI provided significant investigatory assistance in the Boston case.

55% of U.K"s eCommerce Not U.K. Consumers

Online retailers in the UK are benefiting from the wide use of English in the online world, says a new report from payment processor Pago eTransaction Services. 55% of sales at UK online retail sites are to foreigners.   By contrast, less than 5% of sales at German sites are to foreigners.

The same report, which analyzes online shopping behavior across Europe, confirms that hard-working Germans aren’t frittering away their work days at retail sites. The peak period for online shopping in Germany is 8 to 10 p.m., while in the UK it’s 2 to 4 p.m.

At UK sites, nearly a third of international customers are from countries outside Europe, especially the USA and Asia.

The 2008 Pago Report is the seventh edition of “Trends in E-commerce Purchasing and Payment Behaviour Based on Real Transactions.”   It analyzes European online consumer and payment behavior, and non-payment risks and trends in e-commerce. Analysis is based on 30 million transactions processed by Cologne-based Pago from e-commerce sites.

Other data from the report:

• The most active online consumers, in order, are British, German, French and Irish.

• German online consumers make about one-third of their purchases between October and December, while UK consumers make less than 10% of their purchases during that period. The peak time for British consumers to buy online is between May and September.

• 20% of all weekly transactions are executed in the UK on Saturdays or Sundays. In comparison, consumers outside the UK and Germany account for 26% of their purchases over the weekends.

• German consumers still pay for two out of three purchases with payment methods other than the credit card. Consumers in UK and from the rest of Europe and non-European customers use credit card payment for over 90% of their online purchases.

“E-commerce is still a black box for many. The Pago Report attempts to shed light on the matter,” says Markus Weber, Pago eTransaction Services GmbH’s managing director. “In contrast to all other studies which are based on polls, the Pago Report is unique. We analyze real-life purchase transactions processed by thousands of European merchants through the Pago platform. This gives a valid picture of e-commerce which is not only interesting for experts and researchers but also provides European merchants valuable information to assist in their entry into this promising market.”

In other U.K. eCommerce News, results from a new survey conducted by software firm Maginus, suggested that 76 per cent of online retailers have seen higher sales in the last year, with almost half of these seeing an increase in excess of 20 per cent.

Furthermore, those who utilise more than one sales channel have seen the greatest revenue increases - 84 per cent of retailers said they experienced higher sales from customers adopting a multi-channel approach than from those who use only one medium.  About 76 per cent of retailers also said they had plans to redesign their existing e-commerce website in the next year.

Russell Dorset, sales and marketing director at Maginus, said that retailers should also make preparations to cope with higher traffic.  "Slow server response or downtime on an e-commerce website may result in a lost sale, or even worse a poor customer experience may mean a customer never visit[s] your site again," he remarked. Over half of retailers are considering implementing user-generated content such as reviews into their e-commerce portals, according to a report released by E-consultancy last year.

Ireland's E-Commerce Predicted to Grow 50% from Last Year

Trend seems to be developing "everywhere"

A leading Irish ecommerce firm has predicted that the number of consumers shopping online this Christmas could increase by as much as 50% in comparison to the same period last year.

Editor's Note: For more information on the development of ecommerce in Ireland, click here.

Magico.ie says that although traditional high-street retail activity is suffering a downturn, Internet sales in Ireland are likely to smash all previous records this year as more and more price-conscious and time-poor consumers do their festive shopping online.

The company warned, however, that the Irish retail sector had not fully explored the potential of the online shopping market and was losing out on potential business to competitors throughout the world.  It indicated that many Irish small and medium enterprises needed to adapt to the growing trend among consumers who were opting to order their gifts from the comfort of their own home.

‘There is no doubt that the Internet has transformed the way Irish consumers shop and interact with the companies from which they buy’, commented Mr. Paul McGurran, Director of ecommerce, Magico.ie.  He explained, ‘Consumers, as they become more Internet-savvy, are using the Web to research gift purchases in the lead up to Christmas. Once they have narrowed down their selection many shoppers will actually visit numerous stores based on this research. Therefore, for a certain category of shopper the Internet is the first place they look prior to making a store visit.’

Mr. McGurran added that the increase in online retail activity was stimulated by numerous other factors, including time-poor consumers, greater broadband penetration across Ireland and Irish people living abroad.  ‘There is a growing tendency for shoppers to leave Christmas gift buying later into the festive season and due to time pressures many will purchase online. This option gives last minute shoppers a wide selection of possible gifts, often coming with a gift-wrapping service as extra. The online shop also takes on the role of shipping items onwards to the recipient’, said Mr. McGurran.  He continued, ‘Furthermore, many Irish abroad find the Web the obvious place to do their Christmas shopping for family still based in Ireland. This works both ways - some ex-pats will go online and use Irish based online shops to get attractive shipping rates, and conversely some Irish based consumers with family abroad may also send gifts via local online shops to friends overseas.’

The increase in shoppers using the Internet to purchase Christmas gifts is not an Irish phenomenon, with similar trends being experienced throughout much of Europe. Research shows that increasing numbers of people spend more time researching and buying online in the run-up to Christmas in comparison to those who do the same on the high street.

In the UK, the IMRG Capgemini e-Retail Sales Index claims there was a 65% increase in the numbers shopping online last Christmas compared the 2006 festive season. In recent years, the Royal Mail has had to employ extra staff to cope with the increasing volumes of mail that has arisen as a result of increased online purchases.

Commenting on the wide-ranging benefits for retailers that trade online, Mr. McGurran said, ‘Once a retailer starts trading online they immediately open up their shop to consumers beyond their natural catchment area. We notice that many of Magico’s clients are getting Web orders from London, Berlin, Dublin, Cork and from remote parts of Ireland. Often orders come in from towns and regions where the retailer does not have a physical retail presence.’

He pointed out that companies that had expanded their business into the online market were also experiencing an increased footfall on their premises. Mr. McGurran stated, ‘Both sides of the business benefit each other because a lot of people browse at home and come in to buy and other people go to the stores and then buy on the Internet. However, many Irish retailers have yet to realise this and are unknowingly denying themselves profits at the most lucrative time of the year.’

‘Irish businesses need to sit up and take notice of the steady growth in retailing via the Internet in the run up to and during the Christmas period. With the much talked of slowdown in the Irish economy and an increasingly price conscious consumer, Irish retailers really have no option but to invest in their own ecommerce and online sales store’, concluded Mr. McGurran.

Magico.ie was established in 1999 and currently employs 13 people at its headquarters in Ennis, County Clare. Its current client base includes Fujipix.ie, The Bag Shop, Smyths Toys, Irish Auctioneers & Valuers Institute, Evergreen Healthfood, Munster Rugby Supporters Club, Freshways Sandwiches, Sisk Builders and Fitzpatrick Design Hotels. The Magico.ie team consists of industry experts who have worked on large Irish and overseas ICT projects with partners such as IBM, Microsoft, Tesco.com, Ireland Online, Bank of Ireland Asset Management, and many more.  For more log on to www.magico.ie.

E-commerce Is Outpacing Bricks and Mortar


Q: I've been told that Internet retailers are growing faster than traditional ''bricks and mortar'' stores. Is this true?

A: Yes, according to the U.S. Commerce Department: ``Total retail sales (excluding petroleum, autos and restaurants) grew 3.7 percent last year. Retail stores grew 3.1 percent (one-quarter of a percent after inflation). By comparison, e-retailing grew 22 percent and remained by far the fastest-growing component of the nation's retail economy.''

Forrester Research (Forrester.com), an independent technology and market-research company, points out: ``U.S. online retail reached $175 billion in 2007 and is projected to grow to $335 billion by 2012.

Business-to-consumer (B2C) eCommerce continues its double-digit year-over-year growth rate, in part because sales are shifting away from stores and in part because online shoppers are less sensitive to adverse economic conditions than the average U.S. consumer.''

eMarketer.com forecasts: ``B2C e-commerce sales in Asia and the Pacific Area will grow at a 23.3 percent annual rate, reaching $168.7 billion by 2011. Japan is currently the largest market, by far, and South Korea ranks second. But by 2011 both will lose share to two up-and-comers -- China and India.''

Here's info from China Internet Network Information Center's Survey Report on Online Shopping in China 2008. They say, ''The total amount of online shopping in 19 big cities in China reached $2.35 billion in the first half of 2008.'' More than 40 percent of the online buyers surveyed shop online at least once a month.

India's largest online retailer, FutureBazaar.com, is a subsidiary of FutureGroup, a $1.2 billion holding company that operates Pantaloon Retail, the country's largest retailer.

You'll spot many valuable differences in marketing techniques. CEO Sankersen Banerjee reports: 'A full 45 percent of our orders come from outside our large metropolitan areas. Local couriers deliver packages since India's postal system only accepts documents. Address standardization is a major problem. A typical address might read something like `The apartment above the store on the corner.' ''

An economic boom in Brazil is changing the lives of millions. Wal-Mart opened its first store in Sao Paulo during 1995 and now has 152 stores in 14 states. Their sales in Brazil have grown at more than twice the pace of sales in the United States, reaching $9.04 billion in 2007. Now they're plunging into eCommerce with plans to invest $722.8 million to keep up with country's fast-growing consumer demand.

How about you? Your brightest idea will fail to attract profitable revenues if you fail to create an eCommerce store that provides uninterrupted shopping with an assurance of a secure online transaction.

There's an African proverb that encourages learning: Every morning in Africa, a gazelle wakes up. It knows it must run faster than the fastest lion or it will be killed. Every morning a lion wakes up. It knows it must outrun the slowest gazelle or it will starve to death. It doesn't matter if you are a lion or a gazelle. When the sun comes up, you better start running.

So, how fast are you running?
Special to The Miami Herald

Disqus for ePayment News