Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

They Ran Off With 44,000 Credit Card Numbers — But They Couldn’t Hide.

Posted
ThreatMetrix
By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

When told his opponent was going to rely on a “hit and run” strategy, legendary heavyweight champion Joe Louis, whom the media dubbed the Brown Bomber, famously replied, “He can run, but he can’t hide.”

Two hackers, who allegedly stole 44,000 (and very possibly many thousands more) credit card numbers, thought they could run and hide. But, as reported by the Associated Press, U.S. Attorney Jenny A. Durkan said, “People think that cyber criminals cannot be found or apprehended. Today we know that’s not true. You cannot hide in cyberspace. We will find you. We will charge you. We will extradite you and we will prosecute you.”

One hacker, twenty-one-year old David Benjamin Schrooten (aka “Fortezza”), was arrested in Romania; his accomplice, twenty-one-year old Christopher A. Schroebel in Maryland. Schroebel has pleaded guilty to federal charges and is awaiting sentencing.

The crime came to light last November. A Seattle restaurant owner called police after several of his customers suddenly had suspicious charges on their cards. Some were charged $70 to $80 in as little as 10 minutes after using their cards at the restaurant. Admittedly, seventy to eighty bucks could raise a person’s suspicions. But that would depend how upscale the restaurant was. We imagine you’d really feel like you smelled a rat if you were dining at Taco Bell. Boggles the mind, not to mention the arteries, if the charges at a Taco Bell were legitimate. (Note to Taco Bell. We were just “funnin”.)

Anyway, speaking of charges, Schrooten is being charged by federal prosecutors with hacking into computers and stealing massive amounts of credit card numbers. According to a cnet.com story, Schrooten then sold the numbers in bulk on a number of Websites that he and Schroebel had created.

The 44,000 credit card numbers Schrooten’s been charged with stealing are from only one sale. This leaves consumers, banks, prosecutors and police to wonder just how bad the theft will turn out to be when all the “cards are counted.”

The AP says Schroebel, Schrooten’s alleged partner-in-crime, was tasked with putting spyware in the sales systems of dozens of businesses.

As things stand, Schrooten faces device fraud, identity theft and twelve other federal counts in an investigation that police say is ongoing.

The good news is the bad guys got busted. The bad news is they caused a gigantic amount of hassle and cost consumers and businesses uncounted losses before they were busted.

If there’s a lesson to be learned (other than the bad guys learning that they really can get caught), it’s that businesses have to be constantly on their guard to protect their online assets and their customers.

ThreatMetrix
By ThreatMetrix Posted