Biggest online credit card heist leaked to MSNBC

Yank whistle-blower overlooks The Reg, but we're not bitter


An unknown network intruder stole details of nearly a half million credit card accounts from an e-commerce site and tauntingly stored them on a US government computer, MSNBC reports. Credit card companies notified financial institutions, but many of the compromised accounts remain open because the banks neither closed them nor notified customers of the theft, the news service says. The theft occurred over a year ago, but only a few whispers have thus far been made public. The crime is mentioned in a letter dated 27 December from Visa USA to its member financial institutions. US Secret Service spokesman Jim Macken confirmed that the incident had occurred and added a few details in an interview with MSNBC on Thursday. "This government Web administrator noticed that a lot of the memory was chewed up for no reason, so he checked and found the file," Macken said. There was no evidence that any of the cards have been used fraudulently, he added. The letter leaked to MSNBC said that authorities had not identified the thief, but Macken said investigators have since traced the criminal to Eastern Europe. The investigation is continuing and involves diplomatic contacts with the country in question, he said. The Internet retail site from which the data was stolen has also been identified, but Macken declined to name it. MSNBC originally received a copy of the letter from an employee at the Navy Federal Credit Union, quoting federal authorities saying that the credit card information including expiration dates and cardholder names and addresses was stolen from an un-named Internet retail site by an intruder. Officials at the credit union took no action to warn customers whose account numbers were among those stolen, said the whistle blower. Instead, they ordered a spot check of 50 to 100 accounts and then decided that no further action was necessary, according to the source. The source said the credit union followed the same procedure two weeks later, when Visa alerted the institution of a separate theft of data on 300,000 credit cards from the CD Universe Web site -- the biggest theft of credit card data over the Internet previously made public. "It was decided that....it would be too much of an inconvenience and too costly to shut down the accounts and issue new numbers," said the source. "It was deemed not the credit union’s responsibility." Green Wall of Silence A spokeswoman for the credit union declined to return MSNBC's calls Thursday. Calls to American Express and several banks seeking information on their response when notified of the theft also went unanswered. Scott Lynch, a spokesman for Visa USA, told MSNBC he could not comment on the case. Alicia Zatkowski, a spokeswoman for Discover Financial Services, said the firm’s fraud investigators were not aware of such a case. Vincent DeLuca, vice president of fraud control at MasterCard International, said, "We are aware of some cases but we’re not at liberty to talk about any ongoing investigations." Several financial institutions ordered the replacement of cards that were compromised in the recent CD Universe case, also currently under investigation. Such replacement programs are normally well publicised in an effort to reassure consumers, MSNBC notes. Such wholesale compromises, on the other hand, are usually kept as tightly-guarded as possible, lest customers learn how poorly their personal data is protected by most commercial Web sites. We wonder how many other such incidents have yet to be revealed. Perhaps this outrageous incident will convince our elected officials that it's time for retail Web sites to be held accountable for their blunders. The current emphasis on expanded online law-enforcement is doomed. Only a trivial number of malicious intruders will ever be caught; indeed, not a single foreign intruder known to have compromised credit card information stored on US servers ever has been. US House Commerce Committee Chairman Thomas Bliley (Republican, Virginia) summed up the US Government's Pollyannaish view of e-commerce when he called it "the goose that lays the golden eggs" during a recent Internet conference at George Mason University. But the golden goose is already shaping up as an irresponsible little honking dictator. It will only get worse if e-commerce is allowed to continue developing without accountability. E-commerce demands tax exemptions; it demands a suspension of the normal rules of customer privacy protection; it demands self-regulation and market-driven solutions to all its various follies. Then it has its under-protected servers whacked by some fifteen-year-old script kiddie, and goes whingeing to the Secret Service or the FBI. It's not merely an ethical issue; it's practical as well. The outrages will continue -- and largely in secret -- until the dot.coms are forced, like the rest of us, to pay for their mistakes. ®


Other stories you might like

  • These Rapoo webcams won't blow your mind, but they also won't break the bank

    And they're almost certainly better than a laptop jowel-cam

    Review It has been a long 20 months since Lockdown 1.0, and despite the best efforts of Google and Zoom et al to filter out the worst effects of built-in laptop webcams, a replacement might be in order for the long haul ahead.

    With this in mind, El Reg's intrepid reviews desk looked at a pair of inexpensive Rapoo webcams in search for an alternative to the horror of our Dell XPS nose-cam.

    Rapoo sent us its higher-end XW2K, a 2K 30fps device and, at the other end of the scale, the 720p XW170. Neither will break the bank, coming in at around £40 and £25 respectively from online retailers, but do include some handy features, such as autofocus and a noise cancelling microphone.

    Continue reading
  • It's one thing to have the world in your hands – what are you going to do with it?

    Google won the patent battle against ART+COM, but we were left with little more than a toy

    Column I used to think technology could change the world. Google's vision is different: it just wants you to sort of play with the world. That's fun, but it's not as powerful as it could be.

    Despite the fact that it often gives me a stomach-churning sense of motion sickness, I've been spending quite a bit of time lately fully immersed in Google Earth VR. Pop down inside a major city centre – Sydney, San Francisco or London – and the intense data-gathering work performed by Google's global fleet of scanning vehicles shows up in eye-popping detail.

    Buildings are rendered photorealistically, using the mathematics of photogrammetry to extrude three-dimensional solids from multiple two-dimensional images. Trees resolve across successive passes from childlike lollipops into complex textured forms. Yet what should feel absolutely real seems exactly the opposite – leaving me cold, as though I've stumbled onto a global-scale miniature train set, built by someone with too much time on their hands. What good is it, really?

    Continue reading
  • Why Cloud First should not have to mean Cloud Everywhere

    HPE urges 'consciously hybrid' strategy for UK public sector

    Sponsored In 2013, the UK government heralded Cloud First, a ground-breaking strategy to drive cloud adoption across the public sector. Eight years on, and much of UK public sector IT still runs on-premises - and all too often - on obsolete technologies.

    Today the government‘s message boils down to “cloud first, if you can” - perhaps in recognition that modernising complex legacy systems is hard. But in the private sector today, enterprises are typically mixing and matching cloud and on-premises infrastructure, according to the best business fit for their needs.

    The UK government should also adopt a “consciously hybrid” approach, according to HPE, The global technology company is calling for the entire IT industry to step up so that the public sector can modernise where needed and keep up with innovation: “We’re calling for a collective IT industry response to the problem,” says Russell MacDonald, HPE strategic advisor to the public sector.

    Continue reading

Biting the hand that feeds IT © 1998–2021