Three Charged in Largest Ever Credit Card Data Breach

The indictment alleges that P.T and Gonzalez would visit retail store locations and conduct surveillance to locate their computer servers to gain access to the store's corporate headquarters. "Gonzalez and P.T. would travel to retail stores of potential corporate victims, both to identify the payment processing systems that the would-be victims used at their point of sale terminals (e.g., "checkout" computers) and to understand the potential vulnerabilities of those systems," the indictment alleges.

It is unclear how many of the compromised numbers resulted in fraudulent transactions, Robert Siciliano, an identity theft expert and consultant in Boston told ABC News. "I can't imagine that with so many cards compromised that there would be no fraudulent purchases," said Siciliano. He added that the companies involved do not have to disclose if cards were actually used. "It's not in the best interest of retailers to disclose this either, since the purchases would have to be nullified," he said.

The charging documents also allege that Gonzalez and the other hackers openly discussed targeting Hannaford Brothers supermarkets In reference to a March 2007 internet chat, the indictment alleges that Gonzalez and the other hackers openly "participated in a discussion over an internet messaging service in which one of the participants stated 'planning my second phase against Hannaford.'"

Dave and Buster's Case

The hackers used a series of computers they leased and established in New Jersey, California, Illinois, Latvia, the Netherlands and Ukraine as part of their hacking platform, according to the indictment. It also alleges that "Gonzalez, HACKER 1, HACKER 2, and P.T. would conceal their efforts to hack into the corporate victims' networks by, among other things, leasing the hacking platforms under false names, communicating over the Internet using more than one messaging screen name, storing data related to their attacks on multiple hacking platforms, disabling programs that logged inbound and outbound traffic over the hacking platforms."

The indictment also alleges that the hackers hid their tracks, "through the use of 'proxies' the Internet Protocol addresses from which their attacks originated."

Gonzalez is facing trial next month for the Dave and Buster's case in New York and trial in 2010 for the TJX case in Boston.

A Secret Service spokesman acknowledged that Gonzalez had been an informant in other cases but declined to provide specifics of his previous work for the agency. Gonzalez' attorney did not immediately return a call from ABC News.

Click Here for the Blotter Homepage.

-- This embed didnt make it to copy for story id = 8348543. -- This embed didnt make it to copy for story id = 8348543. -- This embed didnt make it to copy for story id = 8348543. -- This embed didnt make it to copy for story id = 8348543. -- This embed didnt make it to copy for story id = 8348543. -- This embed didnt make it to copy for story id = 8348543. -- This embed didnt make it to copy for story id = 8348543. -- This embed didnt make it to copy for story id = 8348543.

Page
  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
 
You Might Also Like...