[ISN] Secret Service Busts Four Fraudsters With Ties To T.J. Maxx Attack

From: InfoSec News (alerts@private)
Date: Fri Jul 13 2007 - 00:05:11 PDT


By Larry Greenemeier
July 12, 2007 

A recent Government Accountability Office report noted the difficulty of 
linking data theft to identity theft, but the U.S. Secret Service is 
having no such problems. The agency earlier this week said it has 
arrested and indicted four members of an organized fraud ring in South 
Florida, charging each of them with aggravated identity theft, 
counterfeit credit-card trafficking, and conspiracy. And the Secret 
Service has been able to trace the origin of the data used to perpetrate 
this identity theft and fraud back to the theft of millions of customer 
records from T.J. Maxx parent company TJX and from Polo Ralph Lauren.

The South Florida bust resulted in the recovery of about 200,000 stolen 
credit card account numbers used in fraud losses roughly calculated to 
be more than $75 million. Agents also seized two pickup trucks, $10,000 
cash, and one handgun in connection with the case.

TJX reported late last year that it suffered an unauthorized intrusion 
or intrusions into portions of its computer system that process and 
store information related to credit and debit card, check, and 
no-receipt merchandise return transactions. This admission that customer 
information -- more than 45 million records -- was stolen from some 
stores dating back to 2003 opened the floodgates to lawsuits from store 
customers afraid of identity theft and from financial institutions whose 
customer service costs have increased as a result of worried clients. 
Polo Ralph Lauren in April 2005 suffered a data breach through which 
180,000 customer records were exposed.

TJX claimed in a June regulatory filing that it does not know "who took 
this action, whether there were one or more intruders involved, or 
whether there was one continuing intrusion or multiple, separate 
intrusions." TJX has already spent $20 million, or 0.5% of net sales for 
the quarter, related to the intrusion. The money has gone toward 
investigating and containing the computer intrusion, improving the 
company's computer security and systems, communicating with customers, 
and technical, legal, and other related costs, the company stated.

Law enforcement continues to chip away at the mystery. The Secret 
Service's Miami Electronic Crimes Task Force, working with the agency's 
Nashville field office, earlier this year arrested a 30-year-old Florida 
man -- who used the online handle "Blinky" -- and his girlfriend. Blinky 
is accused of trafficking counterfeit credit cards and identifications 
for years over the Internet. His arrest turned up evidence of an 
organized fraud ring involving Cuban nationals operating in South 
Florida and led to the four arrests and indictments announced this week. 
The fraudsters were sending large amounts of money via E-Gold accounts 
to known cybercriminals in Eastern Europe in return for tens of 
thousands of stolen credit card account numbers. The stolen credit card 
account numbers were then used to counterfeit credit cards in "plants" 
throughout southern Florida, the Secret Service said in a statement.

Law enforcement has been critical of E-Gold for acting as a conduit for 
money flowing into criminal enterprises. A federal grand jury in late 
April indicted E-Gold, Gold & Silver Reserve, and the owners of these 
digital currency businesses on charges of money laundering, conspiracy, 
and operating an unlicensed money transmitting business.

However, E-Gold chairman Douglas Jackson disputes these charges and 
asserts that his company first brought Blinky to the attention of law 
enforcement in March 2006. Jackson told InformationWeek that 
investigators working for E-Gold began monitoring Blinky pursuant to an 
undercover operation it was conducting with law-enforcement agents from 
the U.S., U.K., and Russia. "In May 2006, working with records supplied 
by an exchange service that had sold him some E-Gold, we were able to 
supply general location (Miami), three confirmed phone numbers he used, 
and the usual IP/timestamp combos that even in this day and age are 
often useful," Jackson said.

This isn't the first time that customer data stolen from TJX has been 
used to commit fraud. In March, the Florida Department of Law 
Enforcement confirmed TJX customer data was used to make the fake credit 
cards that were used to purchase about $8 million in Wal-Mart and Sam's 
Club gift cards. The fraudsters hit stores in 50 of Florida's 67 

All of this has meant headaches for TJX. In March, the company received 
a civil investigative demand from the Massachusetts Attorney General's 
office seeking documents about the computer intrusion that led to the 
theft of customer data. This was followed by similar demands from other 
states' attorneys general. TJX is also being sued by customers, 
financial institutions, and shareholders.

The TJX data breach may have worst-case-scenario written all over it, 
but "there's nothing different about TJX that couldn't have happened to 
someone else," Joshua Levine, managing director of Kita Capital 
Management and former CTO for E*Trade, told InformationWeek. "Everyone's 
just glad that it didn't happen to them."

The GAO's report aside, all companies should be more concerned about how 
they protect their customer data. "On a small scale, I think every 
corporation is comfortable that identity theft can and does happen, but 
as long as it happens on a small scale, it's a cost of business," Levine 
said, adding that TJX could ultimately be the case that changes all of 
this. "TJX is a turning point where we could turn it into a triumph 
rather than a disaster."
