In the largest and most complex case of identity theft in the United States, 11 people have been charged with stealing more than 40 million debit and credit card numbers, the Justice Department said Tuesday, dpa reported.
The indictments, by grand juries in Massachusetts, California, and earlier in New York, charged three US citizens, and one person from Estonia, three from Ukraine, two from China and one from Belarus with crimes including identity theft, fraud and conspiracy. One person was only known by an alias online.
The men used sophisticated computer hacking techniques, breached security systems and installed programmes that collected large quantities of personal financial data, which they then allegedly sold to others or used themselves, Attorney General Michael Mukasey told a news conference.
According to the Boston indictment, Albert Gonzalez and his co- conspirators got the card numbers by "wardriving" or hacking into the wireless computer networks of major US retailers over a period of five years. They installed "sniffer" programmes to capture the card numbers, password and account information.
The men concealed the data in encrypted computer servers that they controlled in Eastern Europe and the US. They allegedly sold some of the numbers on the internet.
The numbers that they didn't sell "cashed out" by encoding the card numbers on the magnetic strips of blank cards. The men then used these cards to withdraw tens of thousands of dollars at a time from ATMs, a Justice Department statement said.
The case demonstrates that computer crimes are not confined within national borders.
"The people accused of carrying out this scheme worked out of several different countries, and targeted retail operations without regard to jurisdiction. With the worldwide reach of the internet, criminals can now operate from almost anywhere on the globe to steal personal information from our citizens," Mukasey said.
The men targeted at least nine major US retail corporations, including the TJX Corporation, whose stores include Marshalls and TJ Maxx; BJ's Wholesale Club; Barnes and Noble; Sports Authority; Office Max and DSW shoe stores.
"This case highlights our increasing vulnerability to the theft of personal information. Computer networks and the internet are an indispensable part of the world economy. But even as they provide extraordinary opportunities for legitimate commerce and communication, they also provide extraordinary opportunities for criminals," Mukasey said.
He did not say whether all the victims were aware their identities had been stolen.