Results 1 to 20 of 20
  1. #1
    Thailand Expat
    dirtydog's Avatar
    Join Date
    Jun 2005
    Last Online
    @
    Location
    Pattaya Jomtien
    Posts
    58,775

    US man 'stole 130m card numbers'

    US man 'stole 130m card numbers'


    The card details were allegedly stolen from three firms, including 7-Eleven

    US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.

    Officials say it is the biggest case of identity theft in American history.

    They say Albert Gonzales, 28, and two unnamed Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain.

    Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzales faces up to 20 years in jail for wire fraud and five years for conspiracy.

    He would also have to pay a fine of $250,000 (£150,000) for each of the two charges.

    Mr Gonzales used a complicated technique known as an "SQL injection attack" to penetrate networks' firewalls and steal information, the US Department of Justice said.

    His corporate victims included Heartland Payment Systems - a card payment processor, convenience store 7-Eleven and Hannaford Brothers, a supermarket chain, the DOJ said.

    According to the indictment, the group researched the credit and debit card systems used by their victims, attacked their networks and sent the data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine.

    The data could then be sold on, enabling others to make fraudulent purchases, it said.

    Mr Gonzales is already in custody on separate charges of hacking into the computer system of a national restaurant chain.

    This latest case will raise fresh concerns about the security of credit and debit cards used in the United States, the BBC's Greg Wood reports.


  2. #2
    I don't know barbaro's Avatar
    Join Date
    Dec 2005
    Last Online
    @
    Location
    on pacific ocean, south america
    Posts
    21,406
    ^ So that's where those weird charges came from.

  3. #3
    Member bretby's Avatar
    Join Date
    Aug 2009
    Last Online
    21-04-2019 @ 09:49 PM
    Posts
    713
    I was recently contacted by the fraud dept. of one of my card issuers and was informed that some twat had tried to book 2 flight tickets to Latvia but it had been declined. Although they did get approval for 2 tickets to the Odeon cinema for a tenner.

    I said to the fraud dept that it was probably them (the bank) where the leak had come from and was told that a major supermarket chain had been attacked by a hacker and customer`s data stolen.

    So I guess that these hackers are more clever than the security experts these companies are using.

    I note that in the OP one of the victims was a card processor...so what chance have we got if even they can`t keep our data safe?

  4. #4
    Guest Member S Landreth's Avatar
    Join Date
    Sep 2008
    Last Online
    @
    Location
    left of center
    Posts
    7,765
    A Florida Native,…from the Miami Herald

    A Miami native who is one of the nation's most well-known hackers is charged with stealing 130 million credit card numbers -- a case prosecutors are calling the largest ever.

    snip

    PREVIOUS INCIDENTS

    The indictment represents the latest brush with the law for Gonzalez, a Cuban American high school graduate who became known to local hackers for his extraordinary computer skills and ability to navigate vast streams of data.

    In 2003, he avoided a conviction for credit card theft in New Jersey by agreeing to become an informant for the U.S. Secret Service. But federal agents discovered in 2007 that the man they were using as a key operative was actually carrying out his own secret venture to steal millions of credit cards.

    Armed with a laptop and a magnetic antenna, Gonzalez cruised along busy U.S. 1 in Miami tapping into the wireless networks of major retailers, including TJ Maxx, BJ's WholeSale Club, OfficeMax and Barnes & Noble, and stealing the records of sales made with a credit card, prosecutors say.

    He was indicted along with 10 others in federal court in Boston for stealing more than 40 million credit cards -- the largest heist of its kind at the time.

    Along the way, he amassed more than $1.65 million, a Miami condo, a BMW, a currency counter and a Glock 27. Prosecutors also said Gonzalez buried $1 million in the back yard of his parents' house in southwest Miami-Dade.

    Two others from Miami charged in the case, Christopher Scott and Damon Patrick Toey, have since pleaded guilty.

    A lot more to the story: Miami hacker accused of record credit card theft - Miami-Dade - MiamiHerald.com
    Keep your friends close and your enemies closer.

  5. #5
    ding ding ding
    Spin's Avatar
    Join Date
    Jul 2006
    Last Online
    @
    Posts
    12,608
    Quote Originally Posted by dirtydog
    He would also have to pay a fine of $250,000
    Shouldn't be a problem for him, he can put it on one of his cards

  6. #6
    Banned Muadib's Avatar
    Join Date
    Dec 2005
    Last Online
    @
    Location
    HELL
    Posts
    4,774
    "Mr Gonzales used a complicated technique known as an "SQL injection attack" to penetrate networks' firewalls and steal information, the US Department of Justice said."

    You just have to love Billy Gates and MS SQL Server... This type of hack has been going on for some time and there have been patches available for SQL Server to prevent SQL Injection attacks for some time... Problem is, no body applies the patches... This and the fact that a production SQL Server should NEVER be exposed to the public internet in the first place...
    Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life.

  7. #7
    Member PBateman's Avatar
    Join Date
    Nov 2008
    Last Online
    09-05-2011 @ 08:07 AM
    Posts
    63
    Quote Originally Posted by Muadib View Post
    "Mr Gonzales used a complicated technique known as an "SQL injection attack" to penetrate networks' firewalls and steal information, the US Department of Justice said."

    You just have to love Billy Gates and MS SQL Server... This type of hack has been going on for some time and there have been patches available for SQL Server to prevent SQL Injection attacks for some time... Problem is, no body applies the patches... This and the fact that a production SQL Server should NEVER be exposed to the public internet in the first place...
    Finally!! An explanation to why my card was CANCELED whilst trying to do a ATM withdrawl in India ( this happned a few months ago ). Called my bank and all they would tell me was there was a security breach and new cards were issued ( to my US/Ca. address of course ). And NO! they were not going to pay for my plane ticket to retrieve it!!! Nor send it to me!!! Thank gawd I had a good friend WU me funds to keep my trip alive!!!

  8. #8
    Guest Member S Landreth's Avatar
    Join Date
    Sep 2008
    Last Online
    @
    Location
    left of center
    Posts
    7,765
    Miami hacker honed his skills at early age

    Years before his arrest in the nation's largest credit card heist, Albert Gonzalez launched a bold plan from a computer in his high school library: hack into the government network of India.

    By the time FBI agents descended on South Miami Senior High School, the quiet 17-year-old senior had already shattered the security systems and left his mark: offensive notes on government message boards.

    The successful breach of a network across the world stunned school administrators, but showed Gonzalez was already demonstrating the skills that would define him as one of the most prolific hackers in United States history.

    (Snip)

    At 8 years old, his parents, Maria and Alberto, bought him his first computer just as the Internet was maturing, and by the time he was 9, he was already figuring out how to remove viruses, said his attorney and longtime family friend Rene Palomino Jr.

    "He didn't go out and play football with his friends,'' Palomino said. "He was always in front of his computer. His best friend was his computer.''

    During elementary school he grew increasingly fascinated with the intricacies of computers -- and honing the skills that would serve him for the next two decades.

    While immersing himself in the developing technology of the 1990s, Gonzalez was spending much of his time alone, say several classmates.

    "He would be the type of guy that people don't really notice in class. The quiet, reserved and to himself person,'' said Cynthia Barberena, 27. "He was actually a very average guy. He wasn't popular. He was very quiet, very into his little group of friends.''

    Palomino said he first met Gonzalez when the youngster was serving as an altar boy at Principe de Paz, where his parents and older sister, Frances, also attended church.

    But Gonzalez's growing interest in computers and the Internet began to alarm his parents, Palomino said. ``After putting him to sleep, at one or two in the morning, his mother would find him still on the computer,'' he said.

    By the time he attended high school, he began taking computer classes, but he was far ahead of his classmates.

    In his final year, he and two other students took their skills too far when they connected to the school's library computer -- masking their location -- and then managed to crack the computer network of the government of India.

    "It was kid stuff,'' Palomino said. "It was just leaving ridiculous messages regarding their culture.''

    But Shaw said it was far from a prank. "The FBI came to the school, asking for our computers -- two of them -- in the library,'' he said. "We never had anything like this happen at the school.

    "What I remember is that they had to cancel checks over there because of what happened.''

    Palomino said Gonzalez wasn't charged with a crime at the time. "They just told him, `Stay away from your computer for six months.' ''

    (snip)

    For those who remember Gonzalez in earlier years, the public image of a serial offender comes as a surprise.

    "I was amazed,'' said Barberena, Gonzalez's classmate. "He was the kid that never got in trouble.''


    They grow so quick

  9. #9
    Guest Member S Landreth's Avatar
    Join Date
    Sep 2008
    Last Online
    @
    Location
    left of center
    Posts
    7,765
    From snitch to cyberthief of the century


    Investigators are still finding new evidence traced to Miami hacker Albert Gonzalez -- accused of ripping off millions of credit cards while on the payroll of the Secret Service.

    On May 7, 2008, federal agents swept through Miami-Dade looking for evidence that one of their best informants was also one of the world's biggest cyberthiefs.

    Searching three homes and a luxury hotel room in South Beach, they found 14 computers, $400,000 in cash, six firearms, expensive jewelry -- and even stumbled on a marijuana grow house.

    What they missed was the most compelling evidence in Albert Gonzalez's life of crime: a three-foot drum buried in his parents' backyard stuffed with $1.1 million wrapped in plastic bags. The money -- like so many other pieces of evidence -- wasn't unearthed until this year by federal agents still unraveling a case that continues to confound even the most seasoned cyberspace investigators.

    Federal agents announced after last year's raids that Gonzalez had orchestrated the largest credit-card heist in the nation's history -- 41 million cards stolen from Americans. But last week, they came back with even more evidence to show Gonzalez had masterminded a fraud three times as large.

    Though Gonzalez has been in jail since the raids last year, investigators are still finding new evidence traced to the years the Miami native was ripping off millions of credit cards -- while on the Secret Service's payroll.

    3 pages more: From snitch to cyberthief of the century - Miami-Dade - MiamiHerald.com

  10. #10
    Member PBateman's Avatar
    Join Date
    Nov 2008
    Last Online
    09-05-2011 @ 08:07 AM
    Posts
    63
    Hollywood has gotta have a trailer park full of hacks working on this one!!!

    "Catch me if you can?" part 2!

  11. #11
    Thailand Expat jandajoy's Avatar
    Join Date
    Mar 2008
    Last Online
    02-11-2016 @ 08:50 AM
    Posts
    19,599
    Why do I feel a sneaking respect for the guy?

  12. #12
    The Pikey Hunter
    Gerbil's Avatar
    Join Date
    Jan 2006
    Last Online
    @
    Location
    Roasting a Hedgehog
    Posts
    12,356
    Quote Originally Posted by Muadib View Post
    "Mr Gonzales used a complicated technique known as an "SQL injection attack" to penetrate networks' firewalls and steal information, the US Department of Justice said."

    You just have to love Billy Gates and MS SQL Server... This type of hack has been going on for some time and there have been patches available for SQL Server to prevent SQL Injection attacks for some time... Problem is, no body applies the patches... This and the fact that a production SQL Server should NEVER be exposed to the public internet in the first place...
    a) It's not a problem with Microsoft SQL Server, any SQL database is vulnerable.
    b) The vulnerabilitiry is in the web application itself, not the database in that it is not sufficiently 'cleaning' data entered by a user before passing it to the database.
    c) It makes no difference whether the SQL server is publicly accessible or privately accessible (although private is obviously better), as the web application itself must have access to it in order to work.

    In short the issue is with poor security in the web application, not the database.
    You, sir, are a God among men....
    Short Men, who aren't terribly bright....
    More like dwarves with learning disabilities....
    You are a God among Dwarves With Learning Disabilities.

  13. #13
    Guest Member S Landreth's Avatar
    Join Date
    Sep 2008
    Last Online
    @
    Location
    left of center
    Posts
    7,765
    Notorious Miami ID thief to get at least 15 years in plea deal

    Albert Gonzalez, the Miami man indicted in the nation's two largest identity theft cases, will serve at least 15 years in prison for his role in a scheme to steal more than 40 million credit-card records from retailers.

    Gonzalez agreed to plead guilty to 19 felony counts in a Massachusetts indictment for tapping into the computer networks of companies that included TJ Maxx, Barnes & Noble and OfficeMax, according to documents filed Friday by federal prosecutors. Gonzalez will also plead guilty to a second indictment for stealing credit-card data from 11 Dave & Buster's restaurants.

    The plea deal does not include the latest indictment of Gonzalez, filed in New Jersey on Aug. 17, which accuses him and two unnamed defendants of stealing more than 130 million records from a national credit-card processing center, a supermarket chain and the 7-Eleven convenience store chain.

    Under the deal, prosecutors will recommend a sentence of 15 to 25 years in prison for the 28-year-old hacker. The sentence would be served concurrent to any other sentence Gonzalez may receive if found guilty in the New Jersey case.

    Gonzalez also agrees to forfeit $1.6 million and other assets, including several computers and his condominium near Tropical Park. He is expected to appear in court before Sept. 11.

    Link: http://www.miamiherald.com/news/breaking-news/story/1206667.html

  14. #14
    Member
    Join Date
    Feb 2009
    Last Online
    19-02-2012 @ 02:00 PM
    Posts
    124
    Am I right in reading this that the firms kept the CC data? If so, why? Surely when the transaction is complete the data should not be retained.

  15. #15
    disturbance in the Turnip baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 05:24 PM
    Location
    Heidleberg
    Posts
    21,541
    the tard was no uber hacker

    the sniffer was created by Stephen Watt as part of project mayhem
    White-Hat Hate Crimes on the Rise

    pleaded guilty in December to creating a sniffing program dubbed “blabla” that Gonzalez and others allegedly used to steal millions of credit and debit card numbers from TJX and other companies.
    Stephen Watt/JimJones/Unix Terrorist to be Sentenced Monday

  16. #16
    Thailand Expat
    BobR's Avatar
    Join Date
    Jan 2009
    Last Online
    25-05-2019 @ 12:56 PM
    Posts
    7,760
    The best part is how much money this is going to cost these American corporate scum to reissue that many new cards and numbers. Currently American banks get free loans from the Government then charge they customers up to 30% interest on card balances.

  17. #17
    disturbance in the Turnip baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 05:24 PM
    Location
    Heidleberg
    Posts
    21,541
    ^ are you following the FOI case by Bloomberg vs the federal Reserve.

    the fed has claimed they cannot release names of the banks that are borrowing emergency funds as then the public will know which banks are fcuked

  18. #18
    Guest Member S Landreth's Avatar
    Join Date
    Sep 2008
    Last Online
    @
    Location
    left of center
    Posts
    7,765
    BOSTON -- A computer hacker could spend more than 15 years in prison now that he has pleaded guilty to some of the largest thefts of credit card numbers.

    Albert Gonzalez of Miami pleaded guilty Friday in federal court in Boston to invading the computer systems of such retailers as TJX Cos., BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. Federal authorities say tens of millions of credit and debit card numbers were stolen.

    Gonzalez also pleaded guilty to conspiracy to commit wire fraud, for hacks into the Dave & Buster's restaurant chain, in a New York indictment.

    Link: Miami hacker Albert Gonzalez pleads guilty to credit card theft - Breaking News - MiamiHerald.com

  19. #19
    I am in Jail

    Join Date
    Apr 2008
    Last Online
    09-07-2011 @ 12:54 AM
    Posts
    3,536
    Quote Originally Posted by bretby
    So I guess that these hackers are more clever than the security experts these companies are using.
    And this will be his next career, how much you want to bet he becomes a security specialist and doesn't do do any significant amount of time over this?

    Quote Originally Posted by S Landreth
    Albert Gonzalez, the Miami man indicted in the nation's two largest identity theft cases, will serve at least 15 years in prison for his role in a scheme to steal more than 40 million credit-card records from retailers.
    And I doubt he'll do more than a year, if that... He'll be secreted off by some intelligence agency and recruited into the ranks in exchange for commuting his sentence and at the same time he'll make a tidy sum of money doing it..How else is he going to pay such high fines when he is in jail??

    It won't be the first time..

  20. #20
    Thailand Expat
    Join Date
    Jan 2006
    Last Online
    @
    Posts
    60,017
    New career DF?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •