Hacker swipes 130m credit cards

WASHINGTON: US companies and law enforcement agencies were facing fresh questions yesterday about the ease with which hackers can penetrate their defences and make off with vital data about consumers, following the arrest and charging of a Miami man for what is allegedly the biggest credit card scam in history.

Albert Gonzalez, a 28-year-old former informant for the US secret service who helped authorities track hackers, was charged with conspiring to steal the details of 130 million credit cards. The charge sheet detailed a complex history of online skullduggery in which Gonzalez used three internet aliases: segvec, soupnazi and j4guar17, each marking different stages in his life.

The alleged fraud was perpetrated through devices that could penetrate computer networks, steal card data and send it to servers in the US and Europe, prosecutors say. Acting US attorney general, Ralph Marra, praised the investigators “in tracking down cutting edge hacking schemes committed by hackers working together across the globe”.

But computer security experts suggested that the ruse allegedly devised by Gonzalez and two other accused men from eastern Europe was actually relatively simple, and that the real question was the failure of the big US companies involved to properly defend their computer systems.

“None of this is revolutionary or the work of rocket scientists — it’s the kind of thing we see every day,” said Graham Cluley, a consultant with hi-tech security company Sophos. He added: “It seems to me that there was a concerted effort to target major retailers, and there is egg on the face of these large corporations for failing to protect their data adequately.”

The charge sheet says that in December 2007 Gonzalez, with two others who “resided in Russia”, injected “structured query language”, a computer programming language designed to retrieve and manage data, into the computers of companies such as Heartland, one of the world’s biggest credit and debit card payment processing companies.

“Malware” was used to identify, sort and export information. Other companies alleged to have been attacked include 7-Eleven and Hannaford Brothers, a supermarket chain.