- The Washington Times - Wednesday, August 6, 2008

Albert Gonzalez and his cohorts needed only a laptop computer to perpetrate one of the worst credit card scams in history, federal investigators say.

The unsecured wireless computer systems of the nine retailers they passed on Route 1 in Miami proved an easy target for Mr. Gonzalez, who is accused of stealing information from millions of credit cards, with only a few strokes on a keyboard.

On Tuesday, Mr. Gonzalez and 10 others were indicted on charges of taking part in a sophisticated international identity-theft ring that devoured nine U.S. retailers, stealing 40 million credit card numbers and unknown amounts of money, according to court documents. Each retailer has stores in the Washington area.

“As far as we know, this is the single largest and most complex identity theft case that’s ever been charged in this country,” U.S. Attorney General Michael B. Mukasey said at a press conference in Boston announcing the indictment that targeted men in five countries.

Authorities aren’t sure how much the scam could cost consumers and retailers. The computer breaches began as early as 2003.

“I think it’s premature to calculate exactly how much the consumer has lost, how much the retailers have lost at this point in time and how much [the suspects] financially gained,” said Michael Sullivan, U.S. attorney for Massachusetts. “I suspect there are a lot of people that aren’t aware that their identifying information has been compromised.”

Authorities said Mr. Gonzalez hacked into systems belonging to TJX Corp., a discount chain that operates Marshall’s and TJ Maxx stores. He also infiltrated BJ’s Wholesale Club, Barnes and Noble Booksellers, the Sports Authority, Boston Market restaurants, Office Max, Dave & Buster’s restaurants, DSW shoe stores and Forever 21, a popular women’s clothing retailer.

After exploiting the systems, the indictment states, Mr. Gonzalez installed a “sniffer” program, which allowed him to capture information such as passwords and account numbers for debit and credit card numbers that customers had used.

Also facing charges are Christopher Scott and Damon Patrick Toey, both of Miami, who authorities say helped Mr. Gonzalez.

According to the indictment, the ring concealed the stolen credit card numbers in computer servers in the U.S. and Eastern Europe.

The ring sold some credit card numbers and encoded other numbers on the magnetic strips of blank cards, allowing the ring members to withdraw tens of thousands of dollars at a time, authorities said.

In related indictments in San Diego, Maksym Yastremskiy of Ukraine and Aleksandr Suvorov of Estonia face charges related to the sale of the stolen credit card numbers.

Hung-Ming Chiu and Zhi Zhi Wang, both of the People’s Republic of China, Sergey Pavolvich of Belarus and Dzmitry Burak and Sergey Storchak, both of Ukraine, also were indicted in San Diego. They and another person whose identity is not known to authorities are thought to be living abroad.

Mr. Gonzalez, Mr. Yastremskiy and Mr. Suvorov are in custody. They were indicted earlier this year in New York on previous charges of stealing credit card numbers from Dave & Buster’s restaurants.

Mr. Gonzalez also is accused of continuing to hack computers after a 2003 arrest that led him to become an informant for the Secret Service. He is being held in New York.

Story Continues →