The men, a Ukrainian in custody in Turkey, an Estonian arrested in Germany in March, and a Miami man arrested by the U.S. Secret Service earlier this month, sold some of the data to online criminals who used it to make $600,000 worth of fraudulent purchases, the documents allege.

A 27-count indictment charges Ukrainian Maksym Yastremskiy and Estonian Aleksandr Suvorov with wire fraud, computer fraud, identity theft, illegal interception of electronic communication and various conspiracy charges. A one-count complaint unsealed Monday along with it charges Albert Gonzalez of Miami with wire fraud conspiracy related to the scheme.

The complaint describes Yastremskiy as "one of the biggest resellers of stolen credit card data targeted" by the Secret Service. It says he was arrested by Turkish police in July 2007 and is currently in custody there facing charges of trafficking in card data, in part based on another U.S. investigation, this one in southern California.

His laptop, a copy of which was provided to the Secret Service by the Turkish police, contained stolen data from "millions" of credit cards, says the complaint. The Justice Department said Monday a formal extradition request had been made to the Turkish government.

The indictment alleges that in May 2007 Yastremskiy and Suvorov hacked into the Dave and Busters corporate network and installed special software programs called "packet sniffers" on servers at 11 different restaurants in the chain. The programs copied data from credit cards swiped at the restaurants' registers as they were being sent from the server to be electronically verified by the companies that had issued the cards.

The packet sniffers stored the data in special log files, which Yastremskiy and Suvorov hacked into the network periodically to retrieve, the indictment says. The men also had to access the network to reset the sniffer programs, because -- owing to a law in the programming -- they closed down every time the server rebooted.

The complaint charges that Gonzalez wrote the packet-sniffer software for Yastremskiy and Suvorov, based on records of Internet chat sessions saved on Yastremskiy's laptop and on an analysis of the coding in the program carried out by a specialist from the Department of Homeland Security's Computer Emergency Response Team.

The specialist concluded that the sniffer used in the Dave and Busters intrusions and one used in a 2005 hack on a large U.S. retailer "appear to be two different versions of the same program and that in his experience, this underlying program is unique."

Experts say that the use by investigators and prosecutors of this kind of forensic analysis of malicious software is likely to grow, given the difficulties of identifying hackers by more conventional means.

Indeed, the complaint illustrates many of the difficulties of tracking criminals online, where anonymous e-mail and Internet chat accounts allow them to cloak their identity.

The complaint links Gonzalez to the chat sessions saved on Yastremskiy's laptop through a long series of associations to Internet addresses, e-mail accounts and screen names, including information from confidential informants about nicknames that he used.

The complaint says that Gonzalez was in custody in 2003, but neither the Justice Department nor the Secret Service was able to provide details about this, nor about the other investigations into Yastremskiy's activities.

"The illegal activities of the defendants remain under investigation," was all Laura Sweeney of the Justice Department would say.

The financial scale of the crime, and how many credit card numbers were compromised by the scheme, is unclear from the charging documents, which detail the accused men's access to a server at just one of the 11 restaurants where they installed the packet sniffers.

At that establishment, they stole so-called track-two data from more than 5,000 credit and debit cards. Track-two data, from the second of two tracks on the magnetic strip on the back of the credit card, includes the account number and expiration date, but not the cardholder's name or other personal information.

More than 670 of the stolen numbers were subsequently used to make fraudulent purchases, at a cost to the issuing card companies of more than $600,000, the indictment charges.

Suvorov was arrested by German officials at the request of U.S. authorities while he was visiting the country in March. He remains in jail there, pending action on a U.S. extradition request.

Community
Email This Article
Comment On This Article

Share This Article With Planet Earth

del.icio.us	Digg	Reddit
YahooMyWeb	Google	Facebook

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues