Ukrainian Arrested In India For TJX Data Theft

ComputerWorld reports "A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in US history." "Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine US retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI). In a statement, the CBI said they'd arrested Storchark in New Delhi on the night of May 8, as he deplaned from a flight from Goa, for layover before a flight to Turkey. US authorities had asked for his extradition via diplomatic channels. ... 'His extradition and prosecution would have been very unlikely had he reached his final destination of Ukraine,' the CBI said."

principle of "attractive nuisance"

[peter303]

Like leaving a pile of gold out on your front lawn. Hard to resist.

Re:

[timeOday]

Well, maybe enough successful prosecutions will make it easier for those so inclined to restrain themselves. I sure hope so.

Re:principle of "attractive nuisance"

[blair1q]

That's not attractive nuisance. An attractive nuisance is something that is inviting but dangerous to children, like an unfenced swimming pool or a broken swingset. A pile of gold may be inviting, but it's not dangerous. And attractive nuisance isn't a mitigating factor in charges against the child, it's a charge against the person who left the nuisance where it could do harm to the child.

Stealing others' property is never excused by "they should have locked it up" arguments. Nor is hacking into others' computers.

Re:

[blair1q]

TJX is liable. There's no question of that. But not for an attractive nuisance. Merely for negligence in disclosing valuable information entrusted to them.

Great

[adeft]

Identity fraud-related crimes really hurt. Had my information stolen by someone that worked at the HQ of my bank at the time.

Re:shoot him

[Locke2005]

Don't shoot them. Just release all their personal details to everyone whose information they stole. Probably at least one of the victims is unstable enough to track the bastard down and exact revenge for the whole group of victims... especially true if we're talking about millions of victims.

I had an incident where somebody ordered an item with my wife's credit card and had it shipped to another address. When we complained that this transaction was not authorized, they took it off my wife's account, but refused to disclose the address the item had been shipped to, citing "privacy" concerns. Hold on -- people are allowed to commit fraud but still retain their "right" to privacy?!? If it's my account, I have a right to disclosure of full details on every transaction! Again, provide full disclosure, and eventually the criminals will attempt to screw over the wrong person -- which is win-win for the rest of us.

Re:

[Anonymous Coward]

Again, provide full disclosure, and eventually the criminals will attempt to screw over the wrong person -- which is win-win for the rest of us.

The problem with that is that in North America, the company might get sued for criminal negligence if they gave out that info and a vigilante took the law into their own hands and went a little too far with their street justice. The truth is that vigilantism is still taboo here, and with good reason, so these companies have due-diligence policies that they only release said information to the authorities if said authorities choose to proceed with a legal investigation. The fact is that you neither own the

Re:

[blair1q]

Report the fraud to the police. They will ask a judge, nicely, to look into the "private" data, and then they will arrest, try, convict, and punish the perpetrator.

That is, if it's above the baseline for their enforcement budget for the year, and they don't have something serious to deal with.

But you can only do that if it's still costing you money.

Once the credit-card company comped your account, you no longer had a case, but they did, so it's their concern, not yours.

But watch all your other financial acc

Re:

[Monkeedude1212]

I think I would have asked for the address before reporting it as fraud.

Re:

[heteromonomer]

Absolutely agree. Somebody had ordered a $1500 TV on Bestbuy with my credit card. I am always careful, almost paranoid about security and privacy, and even have a paid fraud-alert and id theft monitoring service (which I wonder if it is worth, or even dangerous in itself) on my credit cards. I complained and the bank took it off my account. But the joke is that they wouldn't tell me what the shipping address was (why the fuck not??) and what's worse, even what they are going to do about it. Like what the re

Belongs in Prison

[CSHARP123]

Identity theft is a big problem to deal for the victim. One of my friend took nearly 3 years to clear all the crap these guys pull. These scum bags belong in prison for life.

Re:

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[blair1q]

The reason that happens is that people moving and requesting new accounts happens thousands of times a day, so banks consider it much more costly to vet those activities than to chase down the few frauds who slip into line.

And they really, truly, don't give a flying fuck how much it costs you to clear up anything that doesn't directly involve them. It doesn't enter into their forecasts, and they don't waste time agonizing over it. They're too busy analyzing politicians for malleability, because stopping r

Re:

[CSHARP123]

No doubt banks are culpable in the kind of crap you have mentioned. I am talking about people who deliberately break into peoples account and commint fraud. This is what the case here being discussed.

Re:

[SkunkPussy]

yes exactly - adding larger sentences doesn't really decrease the chance of people committing the crimes. Particularly for "irrational" crimes.

Re:

[EdIII]

I have a big problem with that. Prison for life is not only very costly, but you would be surprised what just 10 years is like in prison.

On another note, why does he get to go to prison for life, but all those wonderful human beings that:

- Set up securitized mortgages and played fast and loose with mortgage notes.
- Bypassed the court systems by creating non-judicial foreclosures where you could not even complain it was the wrong company or they could not produce the note
- Stole billions, still not a widely

Re:

[russotto]

Yeah. Those identity thieves need to be put in prison for life at our expense, but Wall Street douchebags get bailed out with our taxes and allowed to enjoy their freedoms.

Who said anything about that? As far as I'm concerned the crooked douchbags can share a cell with the identity thieves.

Re:

[EdIII]

My point is that the identity thieves make off with less than $100k per person. Usually far less than that. I went through identity theft myself and my losses were really only around $1000 out of pocket to pay a law firm to hammer the f*ck out of the reporting agencies to get the bad stuff removed. Even with liberal estimates for my time and credit line loss, whatever, it had to have been less than $10,000.

What happened on Wall Street and with real estate resulted in theft and losses of property in the b

Re:

[mrmeval]

The scumbags in the financial sector and the politicians who eat their shit share most of the blame for this. The politicians need to put the burden on the financial institution who will then have to bleed money or fix their shit.
 

Should have stayed in the Ukraine

[phantomcircuit]

Epic fail... the Ukraine is basically the world center of Internet crime and it's because nobody ever gets caught there.

Re:

[Locke2005]

No, if they are going to run an unsecured wireless network with access to customer credit card data, they deserved to be made financially responsible for all transactions made using the leaked data. I suspect being responsible for a multi-million dollar write-off might be somewhat limiting to one's career in IT.

Deplane

[EdtheFox]

...as he deplaned from a flight...

Who uses that word?! and Is there anyone over the age of 35 that doesn't think of Hervé Villechaize [wikipedia.org] when you hear the word deplane?

Re:

[Monkeedude1212]

I think it was the Indian Central Bureau of Investigation trying to sound cool using one of those English prefixes while simultaneously verbing a word. All the new kids are doing it.

Just like how I insandwiched my lunch, after devanning and unexitted my work.

lifelock?

[jaryd]

Shoulda signed up...suckers!

Now if they could only arrest Canadian Pharmacy

[merc]

According to ROKSO [spamhaus.org] the folks who run the Canadian Pharmacy run out of the Ukraine. I'd have to say they are the most annoying bastards I've ever seen, at least as far as spammers go. I'm waiting for the day when they get their come upppance. I hope I live to see it.

"identity" "theft"

[FuckingNickName]

Your identity is never stolen. It's as much a misnomer as "piracy".

What usually happens is that private corporations penalise you because they've put you in some set of lame risk databases they use, and it turns out that your entries were filled against your favour as a result of the actions of someone else.

It's your own (plural, every one of you) fault for putting so much trust and reliance on the convenience of the good ol' entry in a database by which your life is made or broken.

off to the call center for you!

[cstacy]

Maybe they will imprison him in Hyderabad and force him to work in a call center handling people's personal information! http://news.bbc.co.uk/2/hi/south_asia/8677486.stm [bbc.co.uk]