Feeds

Biggest online credit card heist leaked to MSNBC

Yank whistle-blower overlooks The Reg, but we're not bitter

  • alert
  • submit to reddit

Security for virtualized datacentres

An unknown network intruder stole details of nearly a half million credit card accounts from an e-commerce site and tauntingly stored them on a US government computer, MSNBC reports. Credit card companies notified financial institutions, but many of the compromised accounts remain open because the banks neither closed them nor notified customers of the theft, the news service says. The theft occurred over a year ago, but only a few whispers have thus far been made public. The crime is mentioned in a letter dated 27 December from Visa USA to its member financial institutions. US Secret Service spokesman Jim Macken confirmed that the incident had occurred and added a few details in an interview with MSNBC on Thursday. "This government Web administrator noticed that a lot of the memory was chewed up for no reason, so he checked and found the file," Macken said. There was no evidence that any of the cards have been used fraudulently, he added. The letter leaked to MSNBC said that authorities had not identified the thief, but Macken said investigators have since traced the criminal to Eastern Europe. The investigation is continuing and involves diplomatic contacts with the country in question, he said. The Internet retail site from which the data was stolen has also been identified, but Macken declined to name it. MSNBC originally received a copy of the letter from an employee at the Navy Federal Credit Union, quoting federal authorities saying that the credit card information including expiration dates and cardholder names and addresses was stolen from an un-named Internet retail site by an intruder. Officials at the credit union took no action to warn customers whose account numbers were among those stolen, said the whistle blower. Instead, they ordered a spot check of 50 to 100 accounts and then decided that no further action was necessary, according to the source. The source said the credit union followed the same procedure two weeks later, when Visa alerted the institution of a separate theft of data on 300,000 credit cards from the CD Universe Web site -- the biggest theft of credit card data over the Internet previously made public. "It was decided that....it would be too much of an inconvenience and too costly to shut down the accounts and issue new numbers," said the source. "It was deemed not the credit union’s responsibility." Green Wall of Silence A spokeswoman for the credit union declined to return MSNBC's calls Thursday. Calls to American Express and several banks seeking information on their response when notified of the theft also went unanswered. Scott Lynch, a spokesman for Visa USA, told MSNBC he could not comment on the case. Alicia Zatkowski, a spokeswoman for Discover Financial Services, said the firm’s fraud investigators were not aware of such a case. Vincent DeLuca, vice president of fraud control at MasterCard International, said, "We are aware of some cases but we’re not at liberty to talk about any ongoing investigations." Several financial institutions ordered the replacement of cards that were compromised in the recent CD Universe case, also currently under investigation. Such replacement programs are normally well publicised in an effort to reassure consumers, MSNBC notes. Such wholesale compromises, on the other hand, are usually kept as tightly-guarded as possible, lest customers learn how poorly their personal data is protected by most commercial Web sites. We wonder how many other such incidents have yet to be revealed. Perhaps this outrageous incident will convince our elected officials that it's time for retail Web sites to be held accountable for their blunders. The current emphasis on expanded online law-enforcement is doomed. Only a trivial number of malicious intruders will ever be caught; indeed, not a single foreign intruder known to have compromised credit card information stored on US servers ever has been. US House Commerce Committee Chairman Thomas Bliley (Republican, Virginia) summed up the US Government's Pollyannaish view of e-commerce when he called it "the goose that lays the golden eggs" during a recent Internet conference at George Mason University. But the golden goose is already shaping up as an irresponsible little honking dictator. It will only get worse if e-commerce is allowed to continue developing without accountability. E-commerce demands tax exemptions; it demands a suspension of the normal rules of customer privacy protection; it demands self-regulation and market-driven solutions to all its various follies. Then it has its under-protected servers whacked by some fifteen-year-old script kiddie, and goes whingeing to the Secret Service or the FBI. It's not merely an ethical issue; it's practical as well. The outrages will continue -- and largely in secret -- until the dot.coms are forced, like the rest of us, to pay for their mistakes. ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.