GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Gen Y poised to rock payments


Industry Update

Senate committee brings interchange to account set for Boot Camp

Opening Pandora's Box?

HMS' parent sold

Alleged TJX cyber criminals indicted

Payments primed for new growth

To listen actively

Vicki M. Daughdrill
Small Business Resources LLC


GS Advisory Board:
What's up in this downturn? - Part I

In transit with the unbanked

Generation Y not?


Banking on generational changes

Patti Murphy
The Takoma Group


Street SmartsSM:
Telemarketing - The horn of plenty

Jason Felts
Advanced Merchant Services

Bold new mode in modems

Dale S. Laszig
DSL Direct LLC

It really isn't what you know

Nancy Drexler
SignaPay Ltd.

The buyers are back

Lane Gordon

To listen actively

Vicki M. Daughdrill
Small Business Resources LLC

The buyers are back

Lane Gordon

Company Profile

IMS Inc.

New Products

Mirror success with facecard

Company: edő Interactive

Data breach insurance has your back

Merchant Data Security Policy
C.L. Frates and Company


Burnish legacy with mentoring

Burnish legacy with mentoring



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

August 25, 2008  •  Issue 08:08:02

previous next

Alleged TJX cyber criminals indicted

Hackers are adept at staying one step ahead of the law. However, U.S. authorities caught the alleged cyber crooks who compromised the TJX Companies Inc. computer systems in 2006 and stole the credit and debit card numbers of over 40 million TJX retail network customers.

The 11 conspirators who allegedly hacked the networks of nine TJX retailers were charged with conspiracy, computer intrusion, and fraud and identity theft. It is reportedly the largest hacking and identity theft case ever prosecuted by the U.S. Department of Justice.

International ring of thieves

In an indictment returned on Aug. 5, 2008, by a federal grand jury in Boston, Albert Gonzalez of Miami was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy.

Similar indictments were also filed against Maksym Yastremskiy of Kharkov, Ukraine, and Aleksandr Suvorov, of Sillamae, Estonia.

In May 2008, the three were also charged with crimes related to the Dave & Buster's Inc. restaurant chain, where credit and debit card information was stolen from at least 11 locations.

Of the remaining defendants in the TJX case, two are U.S. citizens, three come from Ukraine, two from China and one from Belarus. One other individual, whose name and place of origin is unknown, is still at large.

The indictment alleges that Gonzalez and his co-conspirators obtained the card information by "wardriving" and then hacking into the networks of TJX's major retailers.

Wardriving is defined as driving around in an automobile and searching with portable computers or personal digital assistants for wireless local area networks (LANs).

Once LANs are located, wardrivers collect information about the wireless access points (WAPS) of the networks. Hackers then use that WAPS information to electronically break into systems.

Internet funnel of funds

According to the Department of Justice, hackers used information culled by the wardrivers to get inside TJX's LANs and install "sniffer" programs, software that analyzes and captures card numbers, passwords and other customer account information.

The indictment also alleges that, after collecting the data, the conspirators concealed the information in encrypted computer servers throughout Eastern Europe and the United States. An unspecified amount of card numbers were then sold via the Internet to other criminals who encoded the stolen numbers onto the mag stripes of payment cards in order to withdraw money from ATMs around the world.

Furthermore, the defendants themselves are charged with using the stolen data encoded on blank cards to withdraw tens of thousands of dollars at a time from ATMs.

Gonzalez and his cohorts were reportedly able to conceal and launder their fraudulent profits by transmitting the currencies over the Internet and channeling the funds through Eastern European banks.

Gonzalez was arrested previously by the U.S. Secret Service in 2003 for access device fraud. He was working as a criminal informant for the Secret Service when the agency discovered his role in the TJX breach. If convicted, Gonzalez faces life in prison.

Inroads to redemption

According to SecureWorks Inc., a company that monitors Internet crime and provides security services to the public and private sectors, the number of hackers attempting to steal from banks and credit unions is up 71 percent since 2007. Cyber crime, the company said, is difficult to measure since most attacks go unreported or undetected. The tech-security community estimates computer data theft tops $100 billion per year.

"While technology has made our lives much easier, it has also created new vulnerabilities," said Michael J. Sullivan, U.S. Attorney for the District of Massachusetts.

The TJX case clearly shows how individuals with laptops and the correct software can cause major financial damage to individuals and businesses, he said.

"Consumers, companies and governments around the world must further develop ways to protect our sensitive personal and business information, and detect those, whether here or abroad, that conspire to exploit technology for criminal gain," Sullivan added.

The case was investigated by the Secret Service and the Internal Revenue Service Criminal Investigation Division. District Attorneys in California, New York and Massachusetts are prosecuting the alleged conspirators.

"Today's indictment is the result of a strong law enforcement partnership that brings together the necessary skills to follow alleged criminal activity from cyberspace to bank accounts," said IRS Criminal Investigation Chief Eileen Mayer. "We are committed to the government's efforts to stop this type of corruptive activity."

Mark Sullivan, Director of the U.S. Secret Service, said the technological advances and the global nature of cyber crime have "forever changed the way commerce is conducted, virtually erasing geographic boundaries.

"This case demonstrates how combining law enforcement resources throughout the world sends a strong message to criminals that they will be pursued and prosecuted no matter where they live," he said.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios