The Department of Justice indictment alleges that, after the gang collected the information from the different chains, members concealed the data in encrypted computer servers in Eastern Europe and the U.S. They allegedly sold some of the credit and debit card numbers via the Internet to other criminals in the U.S. and Eastern Europe. The stolen numbers were “cashed out” by encoding card numbers on the magnetic strips of blank cards; the defendants then used these cards to withdraw tens of thousands of dollars at a time from bank machines, according to the Department of Justice.
The alleged criminals are:
Albert “Segvec” Gonzalez, Christopher Scott, and Damon Patrick Toey, all from Miami, Florida.
Maksym “Maksik” Yastremskiy, of Kharkov, Ukraine.
Aleksandr “Jonny Hell” Suvorov, of Sillamae, Estonia.
Sergey Pavolvich, of Belarus.
Dzmitry Burak and Sergey Storchak, both of the Ukraine.
Hung-Ming Chiu and Zhi Zhi Wang, both of China.
a John Doe known only by the online nickname “Delpiero.”
Gonzalez, Yastremskiy, and Suvorov are the only ones in custody. This isn’t Gonzalez’ first brush with the law. He’s acted as an informant in the past for similar crimes involving access device fraud. He now faces life in prison.
According to reports, the brazen criminals left encrypted messages to each other on TJX’s networks.
Note to those of you still using WEP to secure your wireless networking: so was TJX. WEP is easily crackable. Use a stronger encryption scheme, such as WPA.