Hacking Ring Nabbed By US Authorities 146
Slatterz writes "The members of a hacking ring responsible for stealing more than 40 million credit and debit card numbers from retail organizations in the US have been caught and charged. The case before the US Department of Justice is believed to be the largest hacking and identity theft case ever prosecuted. The criminals allegedly obtained bank details by hacking into the retailers' computer networks and then installing 'sniffer' programs to capture card numbers and password details as the customers moved through the retailers' credit and debit processing networks."
Slashdot is days behind the news (Score:5, Insightful)
There used to be a time when you read tech-news first on slashdot. Nowadays I read it in my (Dutch) newspaper first (yep, the paper one that they actually have to print and deliver first) end a few days later it appears in /.
What the hell is wrong?
Re:Better Article (Score:5, Insightful)
whoever setup the hardware in these places needs to be held for criminal negligence
IANA(legal scholar), but this doesn't seem to fit the definition of criminal negligence for two reasons:
1) Doing a bad job at something and allowing others to come to harm isn't enough. Essentially, you must be aware of the risk of your actions (or inaction), or you must intentionally allow yourself too little information to make a proper decision.
2) I'm pretty sure that once you commit a negligent act, it has to be nature that takes something "the rest of the way." If your act simply allows someone else to commit a crime, then the crime falls the perpetrator, not you.
Keep in mind too, that I'm talking about criminal negligence. You can sue in civil courts on a much broader basis.
In fact, I find your entire comment rather ironic, since you imply that the recent crimes will be an excuse for some 1984-state to implement "MORE draconian measures," but then go on to suggest criminalizing what is essentially poor job performance.
Re:Hacking? (Score:3, Insightful)
Dear hackers,
You can't own a word. Get over it.
Re:Who foots the bill? (Score:3, Insightful)
Re:will there be changes? (Score:4, Insightful)
are security measures going to be changed with this revelation to the public?
If they secured credit cards so that there was no fraud, then how would the providers justify their exorbitant [unfaircreditcardfees.com] fees?
one time CC numbers (Score:3, Insightful)
Re:Who foots the bill? (Score:4, Insightful)
So, who foots the bill for this? The retailer, the credit card comany / debit card issuer, or the customer?
The credit card company raises my rates to cover their expenses, the government uses my taxes to pay for the investigation and prosecution, looks like I'm paying for it!
Dude, the customer pays for everything one way or another -- haven't you figured that out by now?
Re:one time CC numbers (Score:2, Insightful)
Maybe he/she was referring to the merchant fees (the part that actually goes to VISA). These are (for me) $0.50 transaction and 2% of gross.
Don't worry though, it's the customers, credit cards or no, that pay these fees in the end. SInce profits are low enough and it is a competitive business, without the fees, prices would be lower.
Re:will there be changes? (Score:3, Insightful)
In the example I have given the buyer only has to check that the amount is correct because all other modifications give them free groceries. The store only needs to ensure they match the format specified by VISA, and that the buyer's signature is valid. VISA takes most of the work, checking that the format is correct, the signatures are valid, the transaction id is unique for the seller, the buyer has enough credit, etc.
I'm sure there are holes, but it's a hell of a lot better than what we have now.
I'm surprised that we even still use signatures now. It seems like no cashier actually looks at them, or could tell if there is even a difference. There is a strong part of me that would like the credit/debit card industry to add various biometrics that would at least be scanned by a machine so we'd actually have some ID verification other than the damn PIN number.
I think that the credit card companies are stuck at the moment. They'd like to actually throw out a few more security measures, but it would cost retailers money to add the biometric scanners. We could end alot of ID theft if a finger print was required to be sent with each purchase. If some one stole your card, they'd also have to have a means to forge your finger prints to use it most places. It won't stop these professionals as they'd figure out ways around any system in a few months, but for all the less casual ID thefts that go on, it would make detecting ID fraud and criminals far, far easier.
Sort of Frightening (Score:4, Insightful)
The people arrested were in several nations. What is unusual and a bit frightening is that it seems like they were able to get arrest warrants or whatever was needed crossing international lines really quickly. It almost seems like some uber government organization was at work on this affair.
Re:Defendant worked for the Secret Service (Score:3, Insightful)
Uh, no. It is law enforcement's job to apprehend people who have committed a crime. It is not their job to ride shotgun on people who have in the past committed crimes, only to catch them again if they repeat.
Re:will there be changes? (Score:3, Insightful)
Or you could.. ya know.. discover that there's vulnerabilities inherent in the system and just use cash instead. Using cards (even debit) causes price inflation. Cash is king.
But your cash is counterfeit. Please step to the side and speak with the nice policeman. Thank you.