|
Posted by Monty Solomon on August 22, 2007, 11:41 am
If you were Registered and logged in, you could reply and use other advanced thread options
Suspect named in TJX credit card probe
Ukrainian's arrest seen as break in record fraud case
By Ross Kerber, Globe Staff | August 21, 2007
Authorities have zeroed in on a Ukrainian man they suspect played a
key role in the sale of many credit card numbers stolen from TJX Cos.
in what is considered the biggest corporate data breach to date.
Officials hope the recent arrest of Maksym Yastremskiy will be a
breakthrough in the investigation of who hacked into systems at TJX
and other companies, said Greg Crabb, a program manager in the global
investigations division of the US Postal Inspection Service. The
service is among various law enforcement agencies trying to track
down hackers who made off with more than 45 million credit and debit
card numbers from TJX starting in 2005.
Crabb said Yastremskiy allegedly sold card numbers through online
forums hosted overseas, sometimes in Cyrillic or that were password
protected. He is likely the largest seller of stolen TJX numbers,
Crabb said.
Prices ranged from $20 to $100 per stolen card, and the cards were
sold in batches of up to 10,000, depending on factors like the credit
limits of the consumer accounts being traded. Crabb said Yastremskiy
is associated with at least one other Ukrainian man previously
charged with similar crimes, though unrelated to the TJX case.
...
http://www.boston.com/business/personalfinance/articles/2007/08/21/suspect_named_in_tjx_credit_card_probe/
************ Moderator's Note **************
The world is an unforgiving place when Americans assume
that "our" morality is supposed to apply everywhere. While
"Authorities" may hope that arresting one alleged criminal
will "cure" the problem, it's just a PR move to assuage
fears of identity theft.
The Internet supports _all_ facets of a global economy,
including the criminal ones, and if we assume that a
man in Nigeria is going to care about the so-called
penalites of online theft, then we're being naive.
On the one hand, a potential "419'er" can count on
thousands of dollars of free money, available just for
knowing how to type on a computer at a cyber cafe in
Lagos. On the other hand, the possibility of having
to bribe your way out of getting caught, or even
spending a few months in jail.
Mr. Yastremskiy is probably not from Lagos or anywhere
else in Nigeria. It doesn't matter. The 419'ers were
just the tip of the cyber-crime iceberge, but U.S.
corporations, ever eager to make a sale, have ignored
the basic security measures that would have protected
the credit-card data which TJX effectively gave away
to the first person and/or group smarter than the
least intelligent of TJX's computer security staff.
Make no mistake: U.S. companies that we entrust with
our financial data are a convoy of Titanics headed
for the coldest, hardest dose of reality in the
world: nobody respects "private" property when it's
"protected" by a social contract they're not party
to.
The fact is that we - the U.S. public - have been
babes in the woods as far as our personal info
is concerned. It is only the statutory limit on
credit-card fraud liability (IIRC, $300) that
has enabled TJX and other corporations to be
so negligent. Although that limit doesn't apply to
debit cards, the public doesn't _know_ that, and
so they continue to hand over their plastic whenever
it's asked for, without any thought of possible
consequences.
Of course, the corporate leaders who allowed this
to happen have protected themselves behind an
impenetrable wall of sincerity: impenetrable,
that is, by all who think words on a piece of
paper are a substitute for cold, hard cash on
the counter of the money agent in Lagos or whereever.
And, to add insult to injury, they're right:
although $300 is not chump change, it's still
small enough to keep most credit cards in use.
Sooner or later, however, the cyberthieves will
figure a way into the EFT system, and then the
only limit on liability will be the amount for
which the victim is insured. Until Bruce Schnier's
prediction comes true, and the underwriters have
to bear major insurance loses, there won't be
any meaningful security in U.S. Electronic Commerce.
YMMV.
Bill Horne
Temporary Moderator
|
| Similar Threads | Posted | | IVR System With Credit Card Transactions | March 30, 2006, 2:12 am |
| Ireland Gets World's First Disposable 'Credit Card' | August 30, 2005, 12:21 pm |
| Spurious Credit Card Charges From 800-624-0914 | February 3, 2007, 3:26 pm |
| After the Meal, the Credit Card Scanner Is Served | November 22, 2007, 12:24 pm |
| Boston Globe Credit Card Phishing Scheme | February 7, 2006, 8:47 am |
| Bogus Credit Card Charges From VOIP Carrier | February 12, 2007, 5:04 pm |
| "Reputed Mobsters" Plead Out in Phone and Credit Card Scams | February 14, 2005, 7:15 pm |
| Statement from Consumers Union About Huge Credit Card Theft | June 18, 2005, 1:42 am |
| Online Credit Card Fraud Getting Ahead of Ability to Stop it | September 19, 2005, 11:20 pm |
| Call Center Employee Arrested for Credit Card Fraud | September 3, 2006, 6:44 pm |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map