From: William Knowles (wkC4I.ORG)
Date: Mon Mar 27 2000 - 21:53:03 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.internetnews.com/ec-news/article/0,2171,4_328071,00.html

Before he was arrested by police in Wales last Thursday, the online
credit card thief who called himself "Curador" worked as an e-commerce
consultant, his former boss revealed Monday.

As previously reported, an 18-year-old man in Clynderwen, Wales was
arrested Thursday in connection with break-ins at nine e-commerce
sites in recent weeks. Under U.K. law, Curador's name was not released
by police, but the Britain's Daily Telegraph reported Saturday that
Curador's real name was Raphael Gray. The true name of his accomplice,
who was also arrested, was not disclosed.

While he was allegedly breaking into online stores in the United
States, Canada, Thailand and Great Britain, Gray was also working to
develop an e-commerce strategy for Console King, a mail-order company
in Narberth, Wales.

According to Sam Lee, managing director, the retailer of video games
and DVDs hired Gray around Christmas 1999 on the recommendation of a
job recruitment firm.

"[Gray] told us that he worked for several companies, including a
subsidiary of Microsoft. And he showed us some of the work he had
done, and it was pretty good. As far as we knew, he had no criminal
record," said Lee.

Console King paid Gray about US$6.50 to build the company an online
storefront. But Lee said he fired Gray in the beginning of March after
Gray began failing to show up for work. Only last week did Lee know
that Gray had allegedly been involved in the online theft of about
26,000 credit cards over the course of six weeks.

"We couldn't believe it. He's put my company and my staff in jeopardy.
He's so stupid he doesn't know what he's done," said Lee, who added
that Console King has tightened security at its site since learning of
Gray's true identity.

Gray has been released on bail and according to Lee has been seen on
the streets of Clynderwen, which has a population of 550.

FBI officials declined to comment on whether Gray had used any of the
stolen card numbers to place fraudulent orders. Britain's Daily Mail
newspaper quoted a detective who said police had confiscated "a pile
of stuff" from the homes of Gray and his accomplice.

Gray also apparently used a card stolen from an online retailer named
Albion's MO to register one of the sites where he posted stolen card
numbers and diatribes about e-commerce security. According to Robert
Koseluk of Carmel, Indiana, he received an unauthorized charge for
$198 to register and set up a site at free-creditcard.com. Gray also
apparently used a card stolen from Stacy Yaple of Jacksonville, Fla.,
to register another site, e-crackerce.com.

Lee of Console King said that Gray apparently had financial problems.
Lee also said Gray would often borrow small amounts of money from him.

"He never had any money. I had to lend him money for a haircut and for
lunch. He came into work stinking and wore the same clothes everyday.
I had to speak with him about his personal appearance and hygiene,"
said Lee.

At his Web sites, Gray has argued that he broke into other sites to
shame operators into improving their shoddy security. Tim Ward, owner
of feelgoodfalls.com, a site that Curador hit around the end of
February, said Curador has had his desired effect.

"There's some good that came out of this. We never intended to expose
anybody's card numbers, but what he did resulted in us being more
secure," said Ward, who revealed that his mother-in-law built the site
at feelgoodfalls.com using Microsoft StoreFront. In the wake of the
break-in, Ward has hired a security consulting firm to batten down the
hatches.

Michael Vatis, director of the FBI's National infrastructure
protection center, said Friday that regardless of a cracker's motives,
breaking into a site is still a federal crime.

"If someone gains unauthorized access to a computer that's engaged in
interstate or foreign commerce, that access is a federal crime,
whether the state of security is poor or excellent," said Vatis.

Reuters reported Sunday that one of the credit cards that Curador had
stolen belonged to none other than Microsoft Chairman Bill Gates. The
report apparently was based on information gleaned from one of
Curador's Web sites where he posted stolen credit card numbers.

But that site, which is mirrored here, contains information suggesting
the Reuters report is inaccurate. For example, the credit card number
Curador posted and claimed was Gates' has only 12 digits, and the
first four do not match any algorithms used by Visa, Mastercard,
Discover, American Express, or any of the other major credit card
companies.

A spokesperson for the U.S. Secret Service, which investigates credit
card fraud, would not comment on Curador's claims, although he did say
that the card appeared to be missing numbers.

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by Security-Focus.COM

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]