Monday, May 12, 2008

TJX and Dave & Busters

If you've visited a Dave & Busters, you know these are a great place for grown-ups to go out and play. I've been to several events at the Atlanta location, and enjoy the Virtual Reality games there. I never thought I would see a Dave & Busters story come up on the news-ticker that I have watching for new TJX stories, but that is what happened this morning.

You will probably recall the story of Maksym Yastremskiy (Maksik), a Ukrainian citizen arrested in Turkey for his role in trading enormous volumes of credit cards which could all be traced back to the TJX debacle. He was back in the news today with two other hackers, Aleksandr Suvorov (JonnyHell) from Estonia, and Albert Gonzales (Segvec). The charges are that the first two ran a scam involving the installation of packet sniffers into thte cash register systems at 11 Dave & Buster's restaurants. Just the Islandia, New York location was credited with 5,000 customer's credit card data leading to more than $600,000 in fraudulent purchases. Segvec is charged only with "wire fraud conspiracy", in that he purchased some of this data from Maksik.

The indictment was posted on the ABC News website.

The 27 counts against the first two are:

Count One: Conspiracy to Commit Wire Fraud
(knowingly and intentionally conspiring to devise a scheme and artifice to defraud D&B, its customers, and the financial institutions that issued the customers' credit and debit cards, and to obtain money and means of materially false and fraudulent pretenses, representations and promises, and attempting to do so by means of wire communication in interstate and foreign commerce . . . )

Counts 2-5: Wire Fraud
(installing a packet sniffer, and reactivating it at D&B Store #2 in Islandia, New York, on 5/18/07, 6/9/07, 7/23/07, 8/14/07.)

Count 6: Conspiracy to Possess Unauthorized Access Devices

Count 7-9: Possession of Unauthorized Access Devices
(the "access device" in question being log files containing "15 or more credit and debit card account numbers".)
(Title 18, Section 1029(a)(3))
(Title 18, Section 1029(c)(1)(A)(i))

Count 10-12: Aggravated Identity Theft
(Title 18 Section 1028A(a)(1), (b), (c)(5))

Count 13: Conspiracy to Commit Computer Fraud
(Title 18 Section 371 and 3551)

Count 14-16: Unauthorized Computer Access Involving an Interstate Communication
(Title 18 Section 1030(a)(2)(C))
(Title 18 Section 1030(c)(2)(B)(i))

Count 17-19: Unauthorized Computer Access to Obtain Things of Value
(Title 18 Section 1030(a)(4))
(Title 18 Section 1030(c)(3)(A))

Count 20-23: Unlawful Transmission of Computer Codes
(Title 18 Section 1030(a)(5)(A)(i))
(Title 18 Section 1030(a)(5)(B)(i))
(Title 18 Section 1030(c)(4)(A))

Count 24-27: Interception of Electronic Communications
(Title 18 Section 2511(1)(a))
(Title 18 Section 2511(4)(a))

Oh yeah, and they are going to go for Criminal Forfeiture of all losses.

All the way back in June 2007, Maksik and Segvec are on the way towards losing their e-gold accounts, according to this testimony from US Secret Service agent Roy Dotson, who names e-gold account number 1751848 as belonging to Maksik, and 3584940 as belonging to Segvec.

From that affadavit:

“Segvec”: “Segvec” is a vendor of stolen financial information on the carding
website Makafaka and accepts payment for his contraband in e-gold. A search and review of the e-gold database revealed number 2464856 – which has as its contact name “segvec.” According to information related to me from agents of New Scotland Yard’s National Terrorist Financial Investigation Unit regarding email communications they had with Douglas Jackson in April 2007, Douglas Jackson was aware that “segvec” was a Ukrainian carder.

An analysis of “segvec”’s account number 2464856 yielded the following results:
The account was created in October 2005. There were 93 transfers into the account with a value of 1524.80951 grams ($845,545.60).

20 of the 90 transactions, which total 726.623113 grams ($410,750.00) and occur between February and May 2006, are transfer of funds from account 1751848, “Maksik’s Job”

“Maksik”: “Maksik” is a known vendor of stolen credit card information, stolen
financial accounts, and fraudulent Ukranian passports on the Shadowcrew, Mazafaka, and Carderplanet carding websites and accepts payment for this contraband in e-gold. A search and review of the e-gold database revealed account number 1751848, with the account name “Maksik’s Job,” and contact email addresses of and Several memo fields in the transaction record for e-gold account number 1751848 indicate carding activity, including, for example, “1-27 order amex” (i.e., an order for a stolen American Express credit card number), “Happy H4xOr Dumps” (i.e., stolen credit card information), “For 20 classics” (i.e., a type of credit card). A search and review of the e-gold database also revealed e-gold account number 3399565, with the account name “Maksik’s account,” and containing a contact email address of A review of this account also shows many transactions with other e-gold accounts controlled by known carders, including e-gold account number 2567183 (controlled by “Lord kaisersose” – a known vendor of stolen credit card information), and e-gold account number 2874688 (controlled by “u26" – a provider of credit card pre-authorization services to vendors)

Yastremskiy was arrested in Turkey in July 2007, where he remains in jail.

Suvorov was arrested in Germany in March 2008.

Gonzalez was arrested in Miami in May 2008 by the US Secret Service.

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.