Feds Announce 'Largest' ID Theft Case

Aug. 5, 2008— -- Federal prosecutors are gearing up for what they believe will be the biggest identity theft prosecution in U.S. history, after investigators broke up a major hacking ring allegedly responsible for stealing and selling more than 40 million credit and debit card numbers.

"As far as we know, this is the single largest and most complex identity theft case that's ever been charged in this country," Attorney General Michael Mukasey said today at a news conference in Boston.

Eleven suspects will face charges that include conspiracy, fraud and identity theft as part of the alleged scheme.

A federal grand jury handed down an indictment for Albert "Segvec" Gonzalez and prosecutors charged Christopher Scott and Damon Patrick Toey for allegedly hacking into wireless computer networks of several major corporations, including OfficeMax, Barnes & Noble, Boston Market, Sports Authority, Forever 21, DSW, BJ's Wholesale Club and TJX Companies, which operates retail stores T.J. Maxx and Marshall's. All three of the men reside in Miami.

Officials said that the companies involved cooperated with the investigation and made efforts to assist consumers who might have been affected by the breach. They encouraged anyone who believes their information might have been compromised to contact their individual financial institutions.

"They used sophisticated computer hacking techniques that would allow them to breach security systems and then install computer programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves," Mukasey said. "They caused widespread losses by banks, retailers and customers."

Michael Sullivan, the U.S. attorney in Massachusetts, said, "It's alleged that in the course of their sophisticated conspiracy, Gonzalez and his co-conspirators obtained credit and debit card information by war driving. War driving is simply driving around in a car with a laptop computer, looking for accessible wireless computer networks."

Prosecutors claim that once the suspects gained access to the networks, they installed "sniffer" programs, which collect account numbers and information, such as passwords. The suspects then allegedly stored the data in encrypted servers located in Eastern Europe, and sold some of the account information online to clients both there and in the United States.