The Story Behind The Hackers Behind The Largest Credit Card Number Heist

from the soon-to-be-a-movie? dept

A few years ago, the story broke about how TJX, the corporate parent of a series of retail stores, including TJ Maxx and Marshalls, had suffered a huge data breach, after some hackers had accessed its computer network via an insecure wireless connection at one of the stores. A year and a half later, we wrote about the arrests of some of those involved. The following year, we wrote about another hack, at Heartland Payment Systems, that had the potential to surpass the TJX hack as "the largest ever" in terms of the number of records accessed. It later came to light that both hacks were actually done by the same guys, supposedly led by Albert Gonzalez, a hacker who was actually on the government payroll at the time (after turning informant upon being caught a few years earlier standing in front of an ATM with a handful of fake ATM cards).

Back in March, Gonzalez received a twenty year sentence for the crime -- the longest sentence for "hacking"-related crime in the US. Others involved in the deal have been sentenced to shorter terms recently as well. Now, Danielle Alvarez, from the Miami New Times, points us to an article written by the paper that details the story behind the hacking, and the folks involved -- including the news (which I hadn't seen elsewhere in following this story -- Update: a few people have pointed to this story that Wired had last year, which I had not seen before) that one suspect end up killing himself after hearing of Gonzalez's arrest. It's a long story, but reads like something that will get turned into a movie at some point. Of course, the study plays down the security flaws at the companies, like TJX, which sent unencrypted credit card data over its network (a point Gonzalez's legal team tried to make in properly calculating how much "damage" he did). Still, it's a fascinating story about a group of young hackers, who wanted to "get rich or die trying," and how at least one of them succeeded at the latter.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Dark Helmet (profile), May 25th, 2010 @ 6:29am

    Deal!

    "It's a long story, but reads like something that will get turned into a movie at some point."

    As long as we get another topless Angelina Jolie for this Hackers 2 movie, they should make it. Zero Cool rides again!

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    NullOp, May 25th, 2010 @ 7:14am

    Hackerz

    Hmmm. Sounds like a good movie if Hollywood doesn't fuk it up! TJX got what they deserved. Security is for real. And some folks just want to screw you to screw you.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    DeathToNullOp, May 25th, 2010 @ 7:54am

    Re: Hackerz - TJX got what they deserve

    Fucking asshole. The company is not the one that got screwed, the customers are.

    But your to mother fucking stupid to realize that. Or just don't give a flying fuck.

    Asshole, your what drive by shootings are good for. The removal of scum.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    WarOtter (profile), May 25th, 2010 @ 8:09am

    Re: Re: Hackerz - TJX got what they deserve

    Apparently, you're what Prozac and grammar courses are designed for...

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, May 25th, 2010 @ 8:20am

    Re: Re: Hackerz - TJX got what they deserve

    deep breathes, in... out... ok... chill out. Put the gun down. down! put it down!

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, May 25th, 2010 @ 8:20am

    Re: Deal!

    Jolie is looking pretty weathered these days. Hackers2 would need a fresh new starlet.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, May 25th, 2010 @ 8:44am

    They could get Lindsey Lohan to play a part. She already had an arrest warrant out for her.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, May 25th, 2010 @ 8:47am

    The floppy disk hand-off scene with Zerocool and ThePlague is freakin hilarious....Plagues limo is pulling him on a skateboard....too ridiculous.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    greenbird (profile), May 25th, 2010 @ 8:55am

    Data was encrypted

    Everything I've read about this (except this article which doesn't get into details) stated that the data was encrypted but using the old WEP encryption. By 2007 this was easily crackable using off the shelf tools.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, May 25th, 2010 @ 8:59am

    From the article:

    When Jonathan was 6, he began spending whole days on his dad's PC. By middle school, he had switched the family PC from Windows to Linux so he could have more control over the code.

    Jonathan's parents were thrilled at his gifts but also wary of his disobedience. Once, when the boy was 13, his mother took away a computer after catching him online in the middle of the night. "He ran away from home and called to say that he wouldn't come back until he got his computer back," Bobby remembers. "We asked the police to trace the call, and he was at this Borders bookstore that was, like, four blocks away."


    This is the place where society went off the rails and the train eventually crashed. Fathers used to wear belts and they weren't afraid to use them. Now, if you hit your kid, you're a child abuser and our kids know it.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Dark Helmet (profile), May 25th, 2010 @ 9:05am

    Re:

    "This is the place where society went off the rails and the train eventually crashed. Fathers used to wear belts and they weren't afraid to use them. Now, if you hit your kid, you're a child abuser and our kids know it."

    Oh, that's just GENIUS. Because I'm sure the prison systems of our country are absolutely rife with men and women that WEREN'T smacked around as kids....

    Idiot.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, May 25th, 2010 @ 9:45am

    ..and Ggogle gets nothign for the same...

    So he gets 20 years for capturing freely accessible data from their wi-fi, but Google says "I'm sorry - we captured freely accessible data from thousands of wi-fi systems - and tehy get nothing but some bad net-publicity.

    Murderers, drug dealers and rapists get less time than this guy; somethings terribly wrong here.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    out_of_the_blue, May 25th, 2010 @ 10:18am

    "a hacker who was actually on the government payroll"

    "one suspect ended up killing himself" -- People anywhere near a gov't op that gets exposed are *highly* likely to "suicide".

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Bruce Ediger, May 25th, 2010 @ 10:29am

    Wired covered Jonathan James' suiced in July of 2009:

    http://www.wired.com/threatlevel/2009/07/hacker/

    Looks like the Miami New Times actually did a lot of legwork and got some new details for their story, however. Good for them.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, May 25th, 2010 @ 10:36am

    sad story, especially Jonathan James' suicide. Albert deserves to serve a long time. even his plea comes across as arrogantly-contrite. amazing he had millions in cash in plastic tubs burried in his backyard.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Mike Masnick (profile), May 25th, 2010 @ 10:47am

    Re: ..and Ggogle gets nothign for the same...

    So he gets 20 years for capturing freely accessible data from their wi-fi, but Google says "I'm sorry - we captured freely accessible data from thousands of wi-fi systems - and tehy get nothing but some bad net-publicity.

    Um, *totally* different situations. One, as noted elsewhere in the comments, the data wasn't on open WiFi, just on a super weak WEP system. Two, the hackers, once they got into the local network, hacked their way up to the overall corporate system. Three, Google wasn't scarfing down all of the data, just brief snippets as they drove by. Four, Google wasn't getting credit card info. Five, and most importantly, Google wasn't them selling them to organized criminals in Eastern Europe for millions in cash...

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Tom Landry (profile), May 25th, 2010 @ 12:58pm

    well, if you're going to lead a life of crime ya might as well go for the gusto......

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Rose M. Welch (profile), May 25th, 2010 @ 3:42pm

    Re: Re: Deal!

    Megan Fox?

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Liquid (profile), May 26th, 2010 @ 5:57am

    Re: Re: Re: Deal!

    Nah not Megan Fox the other hot chick from Transformers the one with the British accent.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    kevinmitnick (profile), May 26th, 2010 @ 10:15am

    Re: Deal!

    i have bunch of those datas. including track 1 and track 2 datas. i even hacked university grades. email at

    hacker4hire@hackermail.com

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    None, May 27th, 2010 @ 6:41am

    Have to add...

    You have to add the fact that the head security guy the company brought in to fix the problems quit because they would not let him do the right things or listen to his sound security advice which leaves them still vulnerable.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, May 27th, 2010 @ 8:55am

    Gay story

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, May 28th, 2010 @ 4:27am

    It's all true

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    kevinmitnick (profile), Jun 18th, 2010 @ 9:17pm

    hacker for hire

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Duong, Aug 30th, 2010 @ 4:58pm

    Special Service Form Installsmarket, Loadssell, Carders, Wizard.(Offering The Best Skim Dumps,Track1/2 Bank Login And Cc Only.)

    Special Service Form Installsmarket, Loadssell, Carders, Wizard.(Offering The Best Skim Dumps,Track1/2 Bank Login And Cc Only.)

    Sell CVV2 Fresh:

    US CVV $2 Visa,US CVV $3 Master,US CVV $5 Amex,US CVV $6 Discover
    Uk CVV $6 Amex/Disc,Uk CVV $4 Master/Visa

    EU CVV $8 Disc/Amex,EU CVV $6 Master/Visa
    CA CVV $3 Master/Visa ,CA CVV $6 Disc/Amex

    CVV From All Country In World Is Available.
    and You Can ask For Special Bin.
    We Search In Our Big Db.

    CVV Selling Option :
    We Checked Cvv B4 Sell You.
    We Replace Dead Cvv In 48 Hurs.

    CVV Selling Option :
    We Checked Cvv B4 Sell You.
    We Replace Dead Cvv In 48 Hurs.Fulls come with this info
    Firstname, Lastname, Address, City, State, Zipcode, Phone, SSN, Mother'sMaidenName, DOB,
    Driver's License # and state, Email pass , Verifiedbyvisa pass, Cardnumber, Expiry Date, CVV2,
    Employment, Position Held
    Bank pass, number, name, account number and Routing Number and other infoz.

    Dumps Pricse List:
    Usa:
    Visa Classic, MasterCard Standard - 15$
    Visa Gold | Platinum | Business, MasterCard Gold | Platinum - 30$
    Canada:
    Visa Classic, MasterCard Standard - 30$
    Visa Gold | Platinum | Business, MasterCard Gold | Platinum - 40$

    EU, UK:
    Classic/Standard =55$
    Gold/Platinum =75$
    Business/Signature/Purchase/Corporate/World =100$

    Other countries:
    MasterCard| Visa Classic - 40$
    Visa Gold|Platinum|Corporate|Signature|Business – 55$


    Sample Of Dumps:
    Track1 : B4096663104697113^FORANTO/CHRI STOPHER M^09061012735200521000000 ,
    Track2 : 4096663104697113=0906101273525 21

    372376064851003=0904051136147; PURCELL/JOHN
    5232258252218386=0904101000007 2500604

    4217642188250286=1011101803115 5200000;B42176421882 50286^POPOVICH/SHERRY ^10111018031155200000

    5472742570155205=11041010000070000000

    B5588320028938646^STOUGH/WILLIAM M ^110110101501029000000000000000000*5588320028938646=1101101015010290**

    B5528300065123784^HOLLAND/ JEREMIAH V ^120110100000001601000000286000000*5528300065123784=1201101016010286**


    B5588320041716144^HODGES /THOMAS L ^100710101501830000000000000000000*5588320041716144=1007101015018300**
    B5588450919403291^WARD/JENNI FER ^1202101000000000289000000*5588450919403291=12021010000028900**


    Bins List:
    ;Corporate And Debit For Italy: Banca di Sassari
    400325 - 1 (Other: 1 ),402041 - 2 (201: 2 ),402186 - 1 (201: 1 ),402360 - 12 (Other: 12 ),

    Debit;visa;Classic For Uk:HSBC Bank PLC
    465976 - 1 (201: 1 ),465950 - 3 (201: 3),465944 - 2 (201: 2 ,465943 - 2 (Other: 2 )465941 - 1 (201: 1 )

    Credit,Visa,Classic For France:Caisse National
    497671 - 1 (201: 1 ),497601 - 1 (201: 1 ),497546 - 1 (201: 1
    ),497539 - 1 (201: 1 )

    DEBIT;mc;STANDART For Spain:MASTERCAJAS S.A.
    554013 - 1 (101: 1 ),554001 - 1 (201: 1 ),554001 - 1 (201: 1 )553435
    - 1 (201: 1 )

    Gold,Platinum,Business,Small Corporate For Us:unknown;amex
    371756 - 1 (Other: 1 ),371745 - 2 (Other: 2 ,371726 - 1 (Other: 1 ,371707 - 1 (Other: 1 ,372050 - 1 (Other: 1 ,

    DEBIT;mc;WORLD;;; For Us: - CHASE BANK USA, N.A.;
    546615 - 1 (101: 1 ),546615 - 1 (101: 1 ),546604 - 2 (101: 2 ),


    Bank Login :
    Bank Login From Usa And Eu And Uk And Asia Is Avaiable.
    Available Bank Login With They Are Screen Shot A Side :

    Abbey (Screen Shot Link):
    HSBC(Screen Shot Link):
    Chase(screen Shot Link):
    HDFC Bank(Screen Shot Link):
    BOA(Screen Shot Link:
    Bank Of America(Screen Shot Link):- http://i37.tinypic.com/14j3lmx.png - Online


    And We Have Good Service For Bank Transfering For You .
    And Our Service Is Very Fast And Safe And immediate .

    BankLogins Prices:

    BALANCE IN CHASE ..........70K TO 155K ========160$
    BALANCE IN BOA..........75K TO 450K==========300$
    BALANCE IN COMPASS..........ANY AMOUNT=========300$
    BALANCE IN ABBEY..............82K ===========700$
    BALANCE IN HSBC.................50K========350 $


    Be Very Carefull When Dealing With Someone Dnot Loose Your Money To Fucking Rippers
    And We Hope To Give The Best Stuff You Will Love Dont Forget That We Need More Customers.

    Contact Details
    ------------------------------------------------------
    Yahoo Id: Duong_bmt50

    Yahoomail: Duong_bmt50@yahoo.com

    Icq: 624558010

    -- My Private Email: Duong_bmt50@hotmail.com

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    wilson, Sep 1st, 2010 @ 8:45pm

    hello

    all these things you guys doing here is fake inorder to get money from guys posting alot of things in here

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Salvatore, Jun 1st, 2012 @ 1:08pm

    Carding

    I have cc top up,.rdp,smtp, socks, dumps without pin, cvv all countries, shopping etc. contact me at devilmugu99@yahoo.com..cheers

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This