Network News

X My Profile
View More Activity

TJX Hacker Indicted in Heartland, Hannaford Breaches

A federal grand jury has indicted three individuals for allegedly hacking into credit and debit card payment processing giant Heartland Payment Systems last year, as part of an investigation the Justice Department is calling the largest identity theft case ever prosecuted.

According to indictments returned Monday in a New Jersey federal court, the government believes the same individuals were involved in a string of high-profile data breaches between October 2006 and May 2008, including intrusions at Hannaford Brothers Co., and 7-Eleven, Inc.

In total, the government alleges the hackers stole data on more than 130 million credit and debit cards from Princeton, NJ-based Heartland.

Read the full story, at this link here. A copy of the indictment is available here.

By Brian Krebs  |  August 17, 2009; 3:31 PM ET
Categories:  Fraud , U.S. Government , Web Fraud 2.0  | Tags: hannaford, heartland breach, tjx  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Security Patch Catchup: Java, Safari & OS X
Next: TwitBlock Helps Root Out Spammy Followers

Comments

Note to hackers around the world, MOVE TO RUSSIA! U.S. laws do not apply in Russia and the Russian government does absolutely nothing to stop these criminals. Only Gonzalez will be prosecuted, but not the Russian hackers. Does this really solve anything?

Posted by: seraphina | August 17, 2009 9:22 PM | Report abuse

If the Feds can hammer Gonzalez, it will at least serve as a deterent for domestic miscreants, to discourage them from COOPERATING with their Russian co-miscreants. To belabor an obsession, the numbers indicate that the Martino crew of the Gambino family, perps of the first large internet theft, have millions of dollars set aside someplace when they get out of prison in a few years. If Gonzalez's Russian confederates are holding $ for him, he needs to be imprisoned enough years so that he never sees it.

And of course, kudos to Corporate America for its tireless efforts to protect its customers' data.

Posted by: featheredge99 | August 18, 2009 12:21 AM | Report abuse

big thunder...little rain here

Posted by: mjstanl | August 18, 2009 7:41 AM | Report abuse

You gotta wonder: are these hackers THAT good that they're able to break in to these systems no matter what measures the companies take to prevent such occurrences? Or do these companies simply neglect to place sufficient security implementations on their networks?

I heard that TJMaxx basically left their wireless network wide open when it was breached, so it's probably the ladder as opposed to the former.

Posted by: jive_turkey | August 18, 2009 9:19 AM | Report abuse

To jive_turkey: You mean latter, not ladder.

Posted by: cy31b | August 18, 2009 7:38 PM | Report abuse

I have the full indictment available as a PDF in a link at the bottom of my blog post if you want to read it.
http://www.modernbandit.com/2009/08/indictment-130-million-credit-card.html

Posted by: chazzcam | August 19, 2009 12:14 PM | Report abuse

Thanks, Jacka**.

To jive_turkey: You mean latter, not ladder.

Posted by: cy31b | August 18, 2009 7:38 PM | Report abuse

Posted by: jive_turkey | August 19, 2009 3:46 PM | Report abuse

BK,
the "soupnazi
or one of his aliases was the person(or one of his minions) who turned in lexisnexis, the teens. He deserves the life sentence he is facing.

Posted by: jaa1169 | August 19, 2009 11:12 PM | Report abuse

Another thing that is strange, there was a comment on wired.com, i made 2 other comments, now all three are gone...
another reason not to trust the press?
All three were there an hour ago. I just pushed that this "soupnazi" guy , with multiple aliases, was the one who turned in the lexisnexis people, while he was working with the fbi. Did i overstep my boundaries? i think not, this was public information. I hope A.G. enjoys his prison experience, after squealing on multiple teenagers and ruining their lives, after what HE has done. Good luck to you Alberto Gonzalez, snitcher, hacker, thief. Snitcher being the worst.
If this comment is not shown, i will know that the Wapost totally supports the unpopular position on healthcaRE, and I will truly understand the reason why newspapers are going down and bankrupt, and why more people are turning to blogs. BTW, do you own Wired?

Posted by: jaa1169 | August 20, 2009 12:08 AM | Report abuse

Of course the best deterrent is to get these 'institutions' to start thinking like - I was going to say banks but that's inappropriate today. But whatever: you cure the trouble at the source - you don't worry about extradition and all that. And at the source we have one whale of an issue because these people who have OPM just don't get it.

Posted by: Rixstep | August 20, 2009 6:25 AM | Report abuse

I don't see how these hackers are 'THAT' good. The Heartland site runs IIS/ASP which is like asking to get hacked. You wanna use SQL injection - fine. What matters is what you can do after you get away with that. And on a Microsoft web server nobody is going to stand in your way. As for these companies being so good at security - they're not. And that's the whole point. Most of them have their collective heads up you-know-what. As soon as people are willing to stop drinking the Kool-Aidâ„¢ they might realise what really needs to be done. But that's not going to happen anytime soon. Give people/corporations/whatever the choice between smart and demanding or stupid and easy and you know what they'll pick 99+% of the time. No shocks here, thank you.

Posted by: Rixstep | August 20, 2009 7:00 AM | Report abuse

@chazzcam Bk's got a copy too. Straight on the DOJ website, thank you.

Posted by: Rixstep | August 20, 2009 7:03 AM | Report abuse

Nice article Bk.

Posted by: dward__ | August 22, 2009 7:01 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company