16 May 2008

Hackers Indicted For Stealing More Than 5 000 Account Numbers at Dave & Buster’s

John Sterlicchi, US Bureau Chief,


A US federal grand jury has indicted three alleged hackers charged with stealing credit and debit card numbers from a national restaurant chain, Dave & Buster’s.

The 27-count indictment against Maksym Yastremskiy of the Ukraine and Aleksandr Suvorov of Estonia includes two charges of computer fraud, wire fraud, conspiracy to possess unauthorized access devices, aggravated identity theft, computer fraud and counts of interception of electronic communications, among others.

Suvorov was arrested by German officials in March and is in jail there pending German action on a US extradition request, the Justice Department said, while Yastremskiy was arrested by Turkish officials and a formal request for his extradition to the US has been made to the Turkish government.

A one-count complaint charges Albert Gonzalez of Florida, aka “Segvec,” with wire fraud conspiracy related to the scheme. According to the complaint, Internet chat room conversations indicate Gonzalez provided the sniffer software used to intercept the credit and debit card numbers.

Gonzalez was arrested this month in Miami, Florida by the Secret Service.

Yastremskiy and Suvorov allegedly gained entry into 11 of the company’s cash registers that were linked to point of sale (POS) computer servers, installing a packet sniffer on the network.

The code was configured to capture card data as it moved from the restaurant’s point-of-sale server through the computer system at the company’s corporate headquarters to the data processor’s computer system.

The Justice Department said that at one restaurant location the packet sniffer captured track 2 data (which includes the customer’s account number and expiration date, but not the cardholder’s name or other personally identifiable information) for roughly 5 000 credit and debit cards, eventually causing losses of at least $600 000 to the financial institutions that issued the credit and debit cards.

“Operating from locations in the US and abroad, these defendants hacked into computer systems and stole credit and debit card data from unsuspecting victims for their personal enrichment,” assistant attorney general for the criminal division Alice Fisher said in a statement. “The Department of Justice will be vigilant against these online hacker schemes that harm the integrity of the marketplace and victimize the public.”

The data was illegally accessed from Dave & Buster’s company computer systems during the card verification and transmission process. Dave & Buster’s said it was alerted to the potential data intrusion in late August 2007 and immediately contacted the Secret Service.

The stores involved were located in Colorado, New York, Michigan, Illinois, Ohio, Florida, California and Texas. The thefts occurred from May through August 2007.
