It is likely to be the biggest theft in history, with regard to the misappropriation of credit and debit card data. US authorities announced the arrest of a 28-year-old man responsible for the alleged theft, who in the course of his criminal activities had the help of two Russians.
Miami computer technicians arrived at the data violating access to the databases of five companies. The targets were chosen from the list of the 500 largest companies in the world, published annually by Fortune.
Once on the websites, criminals looked for weaknesses and used them to reach databases with customer information. They also made visits to companies in order to understand what payment systems they used and in this way to better prepare the attacks, which started to be thought of in October 2006.
When they already mastered the credit and debit card operating system used by companies, the men went ahead with a SQL Injection attack, through which they entered the networks and stole credit card data. Then they were sent to servers in various parts of the United States, Latvia, Ukraine and the Netherlands, details El Mundo.
The next step was to sell the information to third parties, who would use it to make fraudulent purchases. In the information provided about the process, it is not possible to see if this objective has been achieved, with damage to the cardholders.
Only a few of the names of the companies involved have been revealed. Heartland Payment Systems, which processes card payments, was one of the victims, as were convenience store chain 7-Eleven Inc and Hannaford Brothers supermarkets.
Albert Gonzalez, the group’s leader, awaits the trial scheduled for September, where he will be sentenced to 20 years in prison. The young man awaits yet another judicial decision for being involved in another process of computer fraud, although this one of smaller dimension. In this first case, after all, only 40 million cards are involved.