American hackers are breaking their own records.

American Albert Gonzalez, accused of stealing the data of 130 million bank cards, has broken his own record: last May he was charged with stealing information on 40 million cards.

“As far as I know, this is the most complex and largest identity theft case that has been prosecuted in our country,” then-U.S. Attorney General Michael Mukasey remarked in 2008 at a press conference in Boston, commenting on Gonzalez’s first case.

At that time, 11 people were brought to trial, including three Ukrainians and one Belarusian, accused of criminal conspiracy, computer hacking, fraud and trafficking in stolen credit and debit card numbers.

It was no coincidence that the press conference at which Mukasey spoke was held in Boston, where the case of the three conspirators, especially its mastermind, Gonzalez, a Cuban-American who only graduated from high school and trained as a computer programmer, was to be heard.

Since his arrest last year, the self-styled hacker Gonzalez has been held awaiting trial in Brooklyn’s MDC federal prison, where the news reached him that a new case has now been filed against him in New Jersey for the theft of more than 130 million plastic card numbers and the personal data of their owners. As far as we know, that’s a world record.

The trial in last year’s Gonzalez case is scheduled to begin in September.

Gonzalez’s attorney Rene Palomino has so far declined to comment on the new case against his client.

Undercover

The 28-year-old long-haired Gonzalez is well known to U.S. law enforcement. In 2003, he was arrested in New Jersey for credit card fraud. According to media reports, he did not want to go to jail and agreed to cooperate with federal investigators who were just about to launch the so-called Operation Firewall.

The target of the operation was a criminal group that had formed around a website called Shadowcrew, where stolen credit card numbers were traded. Gonzalez came to the aid of the feds and helped them infiltrate the site under the guise of buying stolen information.

Thanks to his help, authorities arrested 28 people in 2004 and forgave him his sins in gratitude.

As the New York Times wrote, police had no idea at the time that Gonzalez was working for both sides, “leaking” information to his associates about how the investigation was going.

Kharkov Trail

After the conclusion of Operation Firewall, investigators got down to the business of finding out the sources of the information traded on the Shadowcrew website. Employees of the U.S. Secret Service office in San Diego soon became interested in a young Kharkov resident, Maxim Yastremsky, who was known in the global hacker underground as Maxik.

Investigators concluded that he was one of the largest sellers of stolen credit and debit card numbers in the world, the New York Times wrote a year ago.

Early last August, a criminal case was filed against Yastremsky in San Diego. Prosecutors alleged that he made more than $11 million from trading in other people’s data from 2004 to 2006 alone.

In July 2007, the U.S. Secret Service learned that Yastremsky had gone on vacation to Turkey and reported it to Turkish authorities, who arrested him outside a nightclub in Kemer. He was subsequently sentenced to 30 years in prison for scams that victimized 12 Turkish banks.

Turkish investigators provided U.S. colleagues with a copy of the hard drive from Yastremsky’s laptop. In addition to millions of other people’s plastic card numbers, they found a spyware program similar to the one that was used to steal data on credit card transactions at 11 Dave & Buster’s restaurants in the United States. According to investigators, the attack on the network’s computers was carried out by 24-year-old Estonian hacker Alexander Suvorov, who was later arrested in Germany.

The analysis of this program showed that it was very similar to the one that had been used to attack the computers of the American corporation TJX.

Having concluded that the same group of hackers was behind all these computer hacks, the investigators set out to find out with whom Yastremsky was working in the United States. They were helped by the fact that the unknown American accomplice of the Kharkiv resident used the nickname soupnazi, taken from an American comedy TV series.

New case

The database showed that when Gonzalez was arrested in 2003, he was using the Russian e-mail address soupnazi@efnet.ru. Informants told the Secret Service that Gonzalez continued to use that nickname and also signed with the name segvec.

This name was also found in Yastremsky’s correspondence with his American accomplice. The circle has closed.

Investigators say they immediately stopped using Gonzalez’s services and began investigating him themselves. The result was the criminal case that U.S. Justice Department chief Mukasey announced at a press conference in Boston last year.

Now a new one has followed that threatens Gonzalez with 35 years in prison and a hefty fine. It’s brought against Gonzalez (“aka segvec, aka soupnazi, aka j4guar17”) and two unnamed Russian hackers designated as Hacker 1 and Hacker 2. The 15-page indictment says they reside “in or near Russia.”

Careful preparation

Because Gonzalez has long been in prison and the whereabouts of his associates are so vague, no arrests have been made in the case.

Court documents also list an “accomplice” to the defendants, identified by the initials P.T., who is not a defendant in the case. He resides “in or near Virginia Beach, Virginia, or in or near Miami, Florida.”

As alleged in the indictment, Gonzalez and P.T. selected victims by studying a list of Fortune 500 companies. They visited the targeted sites to familiarize themselves with the payment equipment installed there. P.T. also scrutinized their websites to identify vulnerabilities.

Eventually, the defendants allegedly attacked computers at the 7-11 convenience store chain, the huge Heartland Payment Systems, Hannaford Brothers Co. supermarkets and two other retailers. The hackers also installed programs on the computers they hacked that gave them repeated access to the system.

Antivirus didn’t help

The bulk of the data, involving about 130 million cards, was stolen from Heartland, according to court documents. Hannaford, by comparison, had data on 4.2 million cards stolen.

The attacks were carried out from servers located in New Jersey, California, Illinois, Latvia, Holland and Ukraine. These servers stored the malicious programs and the stolen data about cards and their holders. The source of these programs was allegedly Gonzalez.

Court documents cite a number of maneuvers by which the defendants allegedly covered their tracks. They also reportedly tested their tools against approximately 20 major anti-virus programs.

The attacks allegedly took place between 2006 and 2008. It is not yet clear how much they cost the affected companies. The prosecutor’s office claimed that the 11 defendants brought in last year caused damage to victims that exceeded 400 million dollars.

But at the time it was just 40 million stolen card numbers.

Source: https://www.bbc.com/russian/international/2009/08/090819_bank_cards_steal