Largest online theft ring busted

Eleven people have been charged for running a global identity theft ring that stole 40M account numbers from some of the nation’s largest retailers.

They allegedly did it by tapping into the wireless computer networks of such big box retailers as T.J. Maxx, Marshall’s, OfficeMax, Barnes and Noble, Boston Market and Sports Authority stores, as well as several other stores.

“This is the single largest and most complex identity theft case that has ever been charged in this country,” Attorney General Michael B. Mukasey said at news conference in Boston. The indictment “highlights our increasing vulnerability to the theft of personal information.”

The indictments, unsealed in Boston and San Diego, said the ring got the credit and debit card numbers by simply driving around the stores with a laptop computer and hacking into the wi-fi networks from the parking lots. It’s a technique known to hackers as “wardriving.”

“They used sophisticated computer hacking techniques, that would allow them to breach security systems and install programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves,” said Mukasey in a press conference. “And in total, they caused widespread loses by banks, retailers, and consumers.”

Although based in the U.S., the ring also allegedly operated in Estonia, Ukraine and China. Three of the defendants are U.S. citizens from Miami, one is from Estonia, three are from Ukraine, two are from China and one is from Belarus.

One of the defendantsis accused of receiving $11 million in proceeds from selling stolen credit card information.