From: Greg Kellogg (gregdunechaser.org)
Date: Mon Jan 12 2009 - 09:21:29 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://cards-and-unsecured-business.blogspot.com/2009/01/local-credit-card-numbers-stolen.html

Two men are in custody and under investigation by the FBI in an
identity theft scheme that victimized 2,500 Cache County residents,
Smithfield police officials said Wednesday.

In late 2008, San Francisco police served a search warrant on a Bay
Area hotel room where detectives found multiple computers and a
machine that manufactures magnetic strips used on the back of credit,
debit and gift cards, Det. Travis Allen said.

In the computers’ hard drives were the credit card numbers of Cache
County residents, many of whom had been notified by their banks of
fraudulent charges on their accounts, Allen added.

Smithfield police say they received an unusual number of credit card
fraud claims in the fall of 2007.

“We finally found one common factor among everybody that was calling
us: They had all used the Family Fun Box,” Allen said.

The DVD-dispensing machines were located in the Summit Creek Sinclair
gas station and Lee’s Marketplace in Smithfield. A third operated in
the Wellcome Mart in Wellsville.

“We thought maybe somebody had a credit card reading device attached
to the machine,” Allen said. “We couldn’t find anything and thought,
maybe it’s being internally hacked somehow.”

Smithfield police learned the machines store no account information
but encrypt card numbers before sending them to a merchant processor
in Dallas, Texas.

The company, Teleasy Corporation, told Smithfield police its servers
had never been hacked and that it would know if they had, Dunn said.

Police reports show the unauthorized charges were taking place in
Northern California, Illinois, even Spain.

“We did find some instances where someone had gone to a boat shop in
Florida and spent several thousand dollars,” added Allen. “In
Smithfield, I think we had about 55 victims and over $100,000 in
losses.”

Investigators extracted a hard drive from one of the DVD machines and
sent it to a computer forensic lab in Salt Lake City where specialists
told police there was no evidence of local tampering.

“They could show no compromise to the hard drive,” said Allen. “One
thing we don’t know is how the suspects obtained the information.”

Allen presented his findings to the Utah Attorney General’s Office and
later to the FBI’s Cyber Crimes Task Force.

Information was distributed to national law enforcement agencies and a
tip came when police in California responded to a Longs Drug Store
where an individual was allegedly trying to use a gift card that was
traced back to a stolen credit card number, Allen said.

An investigation led to the search of a Bay Area hotel where two males
were arrested and charged with various crimes, Allen said.

Smithfield police say the names of the individuals have not been
released at the request of the U.S. Attorney General’s Office.

“Travis has done an exceptional job on this case” said Smithfield
Police Chief Johnny McCoy. “And through the course of that, we’ve
identified 2,500 victims just within our area.”

Todd Durrant, owner of the three Family Fun Box machines, said Friday
he’s stopped running his business.

“The machine at Lee’s was half my business,” he said. “And when that
was gone I didn’t have the income and still had loans to pay on the
machines.”

Durrant said he experimented with a cash-based membership card for
customers who still used the kiosks but business slowed.

“I would love to see whoever does this kind of crime get what’s coming
to them,” he said. “They don’t even see the faces of the people they
hurt.”
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]