Behind the Big Credit Card Scam

His Miami condo, his 2006 BMW, his Glock 27 firearm… | Beyond the Beyond from
At least hackers are still pitifully eager to rat out their friends to the Secret Service — the oldest tradition in the trade — but gee whiz, look at the level of global cooperation and the awesome sums of money contingent on being a major-league black-hat cracker these days. That almost beats the oil biz. Here’s the scoop behind the intrigue.

Three U.S. citizens are charged in the case. Three other defendants are from Ukraine, two are from China, and one each is from Belarus and Estonia. A final defendant is charged only under his online handle, “Delpiero,” and hasn’t been tracked down.

In addition to TJ Maxx, the defendants are allegedly responsible for intrusions into BJ’s Wholesale Club, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW and OfficeMax.

Among others named in the indictments is Maksym Yastremski, a Ukrainian currently in Turkish custody, who is alleged to be “Maksik,” well known as a top online seller of stolen credit and debit card information. Yastremski allegedly earned over $11 million selling stolen credit and debit card numbers and magstripe swipes from 2004 – 2006 alone.

Yastremski allegedly worked with Albert “Segvec” Gonzalez of Miami, who served as Maksik’s stateside hacker. Gonzalez and two other Miami men allegedly hacked into vulnerable wireless networks at TJ Maxx and other companies, where they’d plant packet sniffers to scoop up a total of 40 million credit and debit cards. TJ Maxx alone has spent $130 million dealing with the aftermath of the intrusion.

Gonzalez and Yastremski were also charged in New York in May with an intrusion into the Dave & Busters restaurant chain.

But Gonzalez has also worked the other side. He was arrested in New Jersey in 2003 for credit card fraud, and began cooperating with the Secret Service, becoming the key informant in “Operation Firewall” — the government’s 2004 crackdown on the cybercrime supermarket Shadowcrew. Under the handle “CumbaJohny,” Gonzalez convinced members of Shadowcrew to use a private VPN service that was monitored by federal agents, leading to the coordinated arrest of 28 members in October 2004. But he also allegedly tipped off his co-conspirators to the operation, sparing them from the crackdown, the feds now say.

In the wake of Operation Firewall, the underground figured out that CumbaJohny was responsible. That’s when Gonzalez allegedly reinvented himself as “Segvec.” A member of the underground, speaking on condition of anonymity, said Tuesday that nobody suspected that CumbaJohny and Segvec were the same person. “I always thought he was Russian.”

The feds were equally surprised to find Gonzalez behind the wave of retail intrusions that followed Operation Firewall, they said Tuesday. “We immediately took action,” said Secret Service director Mark Sullivan. The government says the number of credit cards stolen by Gonzalez makes him eligible for life imprisonment.

Gonzalez was under pre-trial court supervision from his New Jersey case while he allegedly committed the crimes, court records show. The government is seeking forfeiture of Gonzalez’s Miami condo, his 2006 BMW, a Glock 27 firearm, and a currency counter, among other things, as well as $1,650,000 in cash.

The case is not the first time a Secret Service informant has been linked to ongoing crimes. Last year Brett Shannon Johnson, a 38-year-old man known online as Gollumfun, was sentenced to more than six years in prison for an identity theft tax-refund scam he conducted while working for the feds as a paid informant.

Gonzalez, Christopher Scott and Damon Patrick Toey are charged with computer intrusion and other crimes in the Boston indictment. The remaining defendants are charged in San Diego with trafficking in the stolen data: Yastremski; Aleksandr Suvorov of Estonia; Hung-Ming Chiu and Zhi Zhi Wang of China; “Delpiero”; Sergey Pavlovich of Belarus; Dzmitry Burak and Sergey Storchak of Ukraine.
