An international computer hacker pleaded guilty on Friday in a Boston courtroom to multiple charges relating to hacking activity and credit card fraud. More than 40 million credit and debit card numbers were stolen from major U.S. retailers as a result of the hacking activity.

Albert Gonzalez, 28, of Miami, pleaded guilty to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft relating to hacks into numerous major U.S. retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. Gonzalez was indicted in August 2008 in the District of Massachusetts on charges related to these hacks.

Gonzalez also pleaded guilty to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster’s restaurant chain.

Some of the luxuries Gonzalez accumulated during his tenure as a criminal that he now has to forfeit include $2.7 million dollars, multiple items of real estate and personal property, including a condo in Miami, a 2006 BMW 330i, a Tiffany diamond ring and Rolex watches. Included in the forfeited currency is more than $1 million in cash, which Gonzalez had buried in a container in his backyard.

“Consumers must be able to trust that the credit and debit cards they use everyday in thousands of stores around the world are safe from unlawful access,” says, Assistant Attorney General Lanny A. Breuer of the Criminal Division.

Computer hacking and identity theft pose serious risks to our commercial, personal and financial security. Technology and the global world we live in has forever changed the way we do business, virtually erasing geographic boundaries.

U.S. Secret Service Director Mark Sullivan says, “However, this case demonstrates that even in the cyber world, there is no such thing as anonymity.”

According to the court documents Gonzalez and his co-conspirators broke into retail credit card payment systems through a series of sophisticated techniques, including “wardriving” and installation of sniffer programs to capture credit and debit card numbers used at these retail stores.

Wardriving involves driving around in a car with a laptop computer looking for accessible wireless computer networks of retailers. Using these techniques, Gonzalez and his co-conspirators were able to steal more than 40 million credit and debit card numbers from retailers. Also according to the indictments, Gonzalez and his co-conspirators sold the numbers to others for their fraudulent use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs.

Based on the terms of the Boston plea agreement, Gonzalez faces a minimum of 15 years and a maximum of 25 years in prison. Based on a New York plea agreement for crimes there, Gonzalez faces up to 20 years in prison, which the parties have agreed should run concurrently. He also faces numerous fines.

Related posts:

1. Madoff’s Financial Chief Pleads Guilty In New York
2. Dena Riley Pleads Guilty in Videotaped Sex Killing Case
3. Turkish courts hands out 30 years to hacking godfather

Stolen identities are traded on the web all the time. The information can be as simple as credit card information and email address or in some case complete records. It is this type of trading of personal information that a British company by the name Lucid Intelligence intercepts and then stores in their own database. This database contains the records of four million Britons and 40 million people world-wide, most of which are Americans.

The database is controlled by Colin Holder who happens to be a retired Metropolitan police officer. He has spent the last four years collecting all this data through sources that include police departments around the world, which includes both the British police departments and the FBI in the US. AS well he gets information from anti-phishing and hacking groups groups.

Of course all this hasn’t come freely as Mr. Holder has invested £160,000 into the project so far. In order to recoup that money as well as turn a profit Mr. Holder is planning on letting the public access his database but for a fee.

This whole thing isn’t being done without some concerns being voiced about protection of personal data. This in turn has the Information Commissioner keeping a close eye on the database as it grows.

The legality of the database could be put to the test in the coming week. The Information Commissioner’s Office said it could not endorse a commercial service or make a ruling on its validity unless someone made a complaint. But the privacy watchdog said it had “provided advice to help the company comply with the principles of the Data Protection Act”.

Source: Times Online :: Four million British identities are up for sale on the internet

Yup I can see how moving everything we do to the cloud is going to be safer – not!

Related posts:

1. Six Million Hacked Identities Posted Online
2. FAA Bird Strike Database Made Public
3. $250 plus a little war-driving equals stolen identities [VIDEO]

The New York Times posted an article today detailing how most Americans’ Social Security Numbers are easily guessed due to an “architecture of vulnerability” that has arisen alongside the internet.

The number we’ve been told to guard with our lives and only make known when absolutely necessary for fear of Russian cybercriminals running up an eBay tab under our names- some researchers at Carnegie Mellon have found a way to crack it using cutting edge technologies… such as Facebook and MySpace. A spokesman for the Social Security Administration told the Times that citizens should “not be alarmed” by the findings because there is “no foolproof method for predicting a person’s Social Security number.”

Is your SSN one of the more crackable? Researchers pointed out some areas where vulnerabilities are more likely to exist. If you were born in a smaller state, for instance, patterns in how numbers are currently issued make it slightly less difficult to guess those numbers. And if you were born after 1988, you can thank Uncle Sam for leaving your ass exposed- around that time, the government became more strict in “encouraging” parents to obtain SSNs for new familial additions.

The representative for the Social Security Administration also said plans are in place to begin randomizing new SSNs beginning next year, which is no help to any of us who are- you know- alive like, right now. While the SSA waves off the findings as something pretty much everyone knew already- oh hai guys thanks for telling us- a researcher who released the study expressed a desire for awareness regarding the system’s vulnerabilities. Alessandro Acquisti, an associate professor of information technology and public policy at Carnegie Mellon told the Times:

“My hope is that publishing these results may open a window of opportunity, so to say, to finally take action,” Mr. Acquisti said. “That S.S.N.’s are bad passwords has been the secret that everybody knows, yet one that so far we have not been able to truly address.”

Related posts:

1. Mozilla Releases Security Patch
2. Microsoft Issues Emergency Security Bulletin – Update Now
3. Online Social Networks Now Playground for Hackers

Back in November 8th of 2008 in a coordinated move low level cashers hit ATM machines in 49 cities world wide for a haul of $9 million. The way it was done apparently is that a single hacker or a hacking ring broke into the computer system of RBS WorldPay and duplicated or cloned people’s ATM cards. At the same time they also lifted the daily limits that are typically placed on all ATM cards. This way the cashers could go back time and time again hitting those same accounts.

The RBS Web site says that card holders will not be responsible for any unauthorized transactions. But there is fear that the hackers might have had access to sensitive information used in identity theft for a potential 1.5 million customers — including their including Social Security numbers.

"The number of machines that were accessed, the number of cities that were targeted, and the number of people that had to be involved in this is quite significant," Agent Rice said.

Investigators are hoping a break in the case may come from one of the cashers. The theory is they probably were recruited, paid a small fee to be solders in the scam, and might be likely to rat out the people who hired them.

There are millions of people out there these days with these payroll cards. RBS officials say they have sent out letters to anyone who might have been affected. They are also offering one-year credit protection for people whose Social Security number may have been jeopardized by this scam. However, the good news is that it doesn’t look like any identity theft has occurred yet.

So far, the FBI has no suspects and has made no arrests in this scam. An attorney in Atlanta has filed a class-action lawsuit against RBS WorldPay for allegedly failing to protect personal information.

Source: Fox 5

Video courtesy of Fox 5

[hat tip to Threat Level]

Related posts:

1. International Computer Hacker Pleads Guilty For Attacks On U.S. Retailers
2. Hackers take Citibank customers for $2 million
3. FDIC Denies Sending E-mails To Consumers, Warns Of Phishing Scam

Remember that big TJ Max hacking news that broke a few years ago? Well apparently the man responsible for selling off all of that data has been sentenced to 30 years in a Turkish prison. Unfortunately though his prison time has nothing to do with the TJ Max affair; or other US hacking attacks on businesses that the Justice Department believes he is responsible. the sentence handed out by the Turkish court has to do with hack attacks on a number of banks in Turkey.

Maksym Yastremski is alleged to be the notorious “Maksik” who is well known in the hacking underground as one of the top online sellers of stolen credit and debit card information. US Prosecutors in an unsealed indictment alleged that Yastremski earned more than $11 million in his sales of stolen data in the period of 2004 to 2006.

He is further alleged to have worked with Albert “Segvec” Gonzalez of Miami where Gonzalez served as Yastremski’s stateside hacker. Along with two other people Gonzalez allegedly hacked into TJX and other companies and scooped up at least 40 million credit and debit cards.

One down and a few thousand hackers to go eh.

[hat tip to Threat Level]

Related posts:

1. International Computer Hacker Pleads Guilty For Attacks On U.S. Retailers
2. Chinese Man Steals Motorcycle – Piece by Piece – For 5 Years
3. Turkish Boy Run Down in Horrific Car Crash (VIDEO)

It’s one thing to have a camera shoved up your ass where ever you go in England but that doesn’t appear to be good enough for the powers that be in England; or the European Union. According to a report in the Times Online today the English Home Office has very quietly (I wonder why) adopted a new plan that will allow police across Britain to routinely hack into people’s personal computers without a warrant.

Without a warrant!

WTF England – why are you putting up with this shit. How much more are you going to take from your government and the loss of any sense of individual privacy or rights? No longer are your e-mails, your web browsing habits or your instant messages yours alone. No .. now your government through the police can at anytime through their discretion; or on behalf of other EU police forces, invade your personal computer.

Under a fresh Brussels decision the police across the EU have been given the green light to expand the implementation of a rarely used power involving warrantless intrusive surveillance of private property. This strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass along any information they find there.

It only takes a senior officer’s approval as long as that officer believes that it is proportionate and necessary to prevent or detect a serious crime – which would mean any crime that would get you three years or more in jail.

England may be the country of my birth but it sure as hell isn’t a country I would ever want to return to anymore – not even for a visit.

Related posts:

1. It takes 1,000 cameras to solve only one crime
2. Technician Finds MySpace Privacy Hack
3. Law Enforcement 2.0 – cops going social