A US federal grand jury has indicted three alleged hackers charged with stealing credit and debit card numbers from a national restaurant chain, Dave & Buster’s.
The 27-count indictment charges Maksym Yastremskiy of the Ukraine and Aleksandr Suvorov of Estonia include two charges of computer fraud, wire fraud, conspiracy to possess unauthorized access devices, aggravated identity theft, computer fraud and counts of interception of electronic communications, among others.
Suvorov was arrested by German officials in March and is in jail there pending German action on a US extradition request, the Justice Department said, while Yastremskiy was arrested by Turkish officials and a formal request for his extradition to the US has been made to the Turkish government.
A one count complaint charges Albert Gonzalez of Florida, aka “Segvec,” with wire fraud conspiracy related to the scheme. According to the complaint, Internet chat room conversations indicate Gonzalez provided the sniffer software used to intercept the credit and debit card numbers.
Gonzalez was arrested this month in Miami, Florida by the Secret Service.
Yastremskiy and Suvorov allegedly gained entry into 11 of the company’s cash registers that were linked to point of sale (POS) computer servers, installing a packet sniffer on the network.
The code was configured to capture card data as it moved from the restaurant’s point-of-sale server through the computer system at the company’s corporate headquarters to the data processor’s computer system.
The Justice Department said at one restaurant location the packet sniffer captured track 2 data, (which includes the customer’s account number and expiration date, but not the cardholder’s name or other personally identifiable information), for roughly 5 000 credit and debit cards, eventually causing losses of at least $600 000 to the financial institutions that issued the credit and debit cards.
“Operating from locations in the US and abroad, these defendants hacked into computer systems and stole credit and debit card data from unsuspecting victims for their personal enrichment,” assistant attorney general for the criminal division Alice Fisher said in a statement. “The Department of Justice will be vigilant against these online hacker schemes that harm the integrity of the marketplace and victimize the public.”
The data was illegally accessed from Dave & Buster’s company computer systems during the card verification and transmission process. Dave & Buster’s said it was alerted to the potential data intrusion in late August 2007 and immediately contacted the Secret Service.
The stores involved were located in Colorado, New York, Michigan, Illinois, Ohio, Florida, California and Texas. The thefts occurred from May through August 2007.