Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ukrainian Arrested In India For TJX Data Theft

kdawson posted more than 4 years ago | from the long-long-arm dept.

Crime 40

ComputerWorld reports "A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in US history." "Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine US retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI). In a statement, the CBI said they'd arrested Storchark in New Delhi on the night of May 8, as he deplaned from a flight from Goa, for layover before a flight to Turkey. US authorities had asked for his extradition via diplomatic channels. ... 'His extradition and prosecution would have been very unlikely had he reached his final destination of Ukraine,' the CBI said."

Sorry! There are no comments related to the filter you selected.

Commie arrested in terrorist country stealing from (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32209784)

Commie arrested in terrorist country stealing from americans/ What a world!!

principle of "attractive nuisance" (0, Troll)

peter303 (12292) | more than 4 years ago | (#32209872)

Like leaving a pile of gold out on your front lawn. Hard to resist.

Re:principle of "attractive nuisance" (1)

timeOday (582209) | more than 4 years ago | (#32210646)

Well, maybe enough successful prosecutions will make it easier for those so inclined to restrain themselves. I sure hope so.

Re:principle of "attractive nuisance" (4, Informative)

blair1q (305137) | more than 4 years ago | (#32210892)

That's not attractive nuisance. An attractive nuisance is something that is inviting but dangerous to children, like an unfenced swimming pool or a broken swingset. A pile of gold may be inviting, but it's not dangerous. And attractive nuisance isn't a mitigating factor in charges against the child, it's a charge against the person who left the nuisance where it could do harm to the child.

Stealing others' property is never excused by "they should have locked it up" arguments. Nor is hacking into others' computers.

Re:principle of "attractive nuisance" (0)

Anonymous Coward | more than 4 years ago | (#32211068)

To play devil's advocate and point something out.

What TJX was doing was basically broadcasting people's credit card numbers over the air, unencrypted, potentially for miles around (depending on attenuation and signal propagation, etc).

If TJX were, for example, willingly and knowingly shouting them over the loudspeaker of the store, they would be liable JUST AS MUCH as the person who used them (who also did wrong).

Why, in this case, are they NOT liable? Simply because it was TCP instead of voice?

Interesting thought...

Re:principle of "attractive nuisance" (1)

blair1q (305137) | more than 4 years ago | (#32211378)

TJX is liable. There's no question of that. But not for an attractive nuisance. Merely for negligence in disclosing valuable information entrusted to them.

Great (1)

adeft (1805910) | more than 4 years ago | (#32209906)

Identity fraud-related crimes really hurt. Had my information stolen by someone that worked at the HQ of my bank at the time.

shoot him (0)

Anonymous Coward | more than 4 years ago | (#32209956)

shoot them all

Re:shoot him (4, Insightful)

Locke2005 (849178) | more than 4 years ago | (#32210298)

Don't shoot them. Just release all their personal details to everyone whose information they stole. Probably at least one of the victims is unstable enough to track the bastard down and exact revenge for the whole group of victims... especially true if we're talking about millions of victims.

I had an incident where somebody ordered an item with my wife's credit card and had it shipped to another address. When we complained that this transaction was not authorized, they took it off my wife's account, but refused to disclose the address the item had been shipped to, citing "privacy" concerns. Hold on -- people are allowed to commit fraud but still retain their "right" to privacy?!? If it's my account, I have a right to disclosure of full details on every transaction! Again, provide full disclosure, and eventually the criminals will attempt to screw over the wrong person -- which is win-win for the rest of us.

Re:shoot him (3, Insightful)

Anonymous Coward | more than 4 years ago | (#32210586)

Again, provide full disclosure, and eventually the criminals will attempt to screw over the wrong person -- which is win-win for the rest of us.

The problem with that is that in North America, the company might get sued for criminal negligence if they gave out that info and a vigilante took the law into their own hands and went a little too far with their street justice. The truth is that vigilantism is still taboo here, and with good reason, so these companies have due-diligence policies that they only release said information to the authorities if said authorities choose to proceed with a legal investigation. The fact is that you neither own the credit card number nor the account on the company's server, so you have no legal right to the information. If you have a problem with that, don't use the service.

Yes, it sucks that the credit card companies typically choose to write off small amounts of fraud because the police won't investigate small claims, but as long as the debt is theirs, it's their right. What really needs to be rectified is the credit bureaus that treat easily obtainable information as sufficient to establish an identity and leave the onus on the consumer to rectify errors in their database. We need to put the financial onus on them to maintain correct information in their DB, much like the onus on credit fraud is on the banks/creditors.

Re:shoot him (2, Insightful)

blair1q (305137) | more than 4 years ago | (#32211056)

Report the fraud to the police. They will ask a judge, nicely, to look into the "private" data, and then they will arrest, try, convict, and punish the perpetrator.

That is, if it's above the baseline for their enforcement budget for the year, and they don't have something serious to deal with.

But you can only do that if it's still costing you money.

Once the credit-card company comped your account, you no longer had a case, but they did, so it's their concern, not yours.

But watch all your other financial accounts; if your identity really was stolen, and it's not just a case of someone having your credit card number and using it on a website that doesn't actually check any identification, then you might see people opening bank accounts, applying for loans, starting businesses, etc. under your name.

Re:shoot him (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32211374)

I think I would have asked for the address before reporting it as fraud.

Re:shoot him (1)

heteromonomer (698504) | more than 4 years ago | (#32224210)

Absolutely agree. Somebody had ordered a $1500 TV on Bestbuy with my credit card. I am always careful, almost paranoid about security and privacy, and even have a paid fraud-alert and id theft monitoring service (which I wonder if it is worth, or even dangerous in itself) on my credit cards. I complained and the bank took it off my account. But the joke is that they wouldn't tell me what the shipping address was (why the fuck not??) and what's worse, even what they are going to do about it. Like what the results of their "investigation" were, and whether anyone was brought to book. The least I would like to know is which merchant caused this leakage of info. Nothing, no info, about how I was defrauded, and what I could've done to avoid the next fraud. Yeah, innocent until found guilty and all that. Sure. But once found guilty, either make the punishment harsh, or at least reveal full details. What I suspect is the banks don't even bother. Their investigation = hush hush, and writing off as a loss.

Re:shoot him (0)

Anonymous Coward | more than 4 years ago | (#32210334)

As someone who is still cleaning things up a year after getting his identity stolen, I have to say fuck that to shooting them. Burn them, soak them in bleach, pour acid into their eyes, ass-rape them and post it on YouTube, and dismember them slowly with a rusty knife. I hope these people die painfully, slowly, and are quite aware of just why it's happening. If someone made a real-world "Hostel" snuff film of these bastards, I'd watch it and laugh my dick off on a weekly basis. Die in a fire.

Re:shoot him (0)

Anonymous Coward | more than 4 years ago | (#32211456)

Who?

TJX IT staff? :-)

Belongs in Prison (2, Informative)

CSHARP123 (904951) | more than 4 years ago | (#32209992)

Identity theft is a big problem to deal for the victim. One of my friend took nearly 3 years to clear all the crap these guys pull. These scum bags belong in prison for life.

Re:Belongs in Prison (0)

Anonymous Coward | more than 4 years ago | (#32210138)

Not to eclipse the problems of the people whose personal information was compromised, it was also no fun to be one of the IT vendors who sold to TJX at the time, for fear that people would begin to associate your stuff with insecurity. Even if the bad WEP keys and the like were their own fault.

Re:Belongs in Prison (1)

Shakrai (717556) | more than 4 years ago | (#32210216)

Shit rolls downhill.....

Re:Belongs in Prison (5, Insightful)

Shakrai (717556) | more than 4 years ago | (#32210188)

These scum bags belong in prison for life.

Are you referring to the scumbag identity thieves or the scumbags in the financial sector that decided that someone entering a DOB and SSN on a website would be enough "verification" of identity to allow someone to open credit accounts?

I know someone who applied for and received a $25,000 line of credit from Citi online with no actual verification of who he was. His credit card arrived in the mail a few days later. He had recently moved and his new address wasn't even on his credit report yet. You'd think the fact that the card was going to a previously unknown address would be enough to set off a red flag but it didn't. All he did was apply online using information that any idiot who was willing to dumpster diving could have retrieved.

Re:Belongs in Prison (1)

blair1q (305137) | more than 4 years ago | (#32211130)

The reason that happens is that people moving and requesting new accounts happens thousands of times a day, so banks consider it much more costly to vet those activities than to chase down the few frauds who slip into line.

And they really, truly, don't give a flying fuck how much it costs you to clear up anything that doesn't directly involve them. It doesn't enter into their forecasts, and they don't waste time agonizing over it. They're too busy analyzing politicians for malleability, because stopping regulation earns them a 400-1000% ROI.

Re:Belongs in Prison (1)

CSHARP123 (904951) | more than 4 years ago | (#32212476)

No doubt banks are culpable in the kind of crap you have mentioned. I am talking about people who deliberately break into peoples account and commint fraud. This is what the case here being discussed.

Re:Belongs in Prison (0)

Anonymous Coward | more than 4 years ago | (#32210300)

These guys don't deserve to be in prison for life, I will save that for much more heinous crimes. Yes, identity theft can ruin someone's life, adding a larger prison sentence for a crime isn't going to deter the criminals anymore. Instead of putting all the blame on them, put some on our credit institutions (banks, credit card companies) for not having appropriate protections in place.

Re:Belongs in Prison (1)

SkunkPussy (85271) | more than 4 years ago | (#32210732)

yes exactly - adding larger sentences doesn't really decrease the chance of people committing the crimes. Particularly for "irrational" crimes.

Re:Belongs in Prison (2, Insightful)

EdIII (1114411) | more than 4 years ago | (#32211128)

I have a big problem with that. Prison for life is not only very costly, but you would be surprised what just 10 years is like in prison.

On another note, why does he get to go to prison for life, but all those wonderful human beings that:

- Set up securitized mortgages and played fast and loose with mortgage notes.
- Bypassed the court systems by creating non-judicial foreclosures where you could not even complain it was the wrong company or they could not produce the note
- Stole billions, still not a widely known fact, by selling the *same* mortgage 2, 3, or 4 times in different securitized packages causing multiple companies to come after you at the same time making it difficult to even determine the appropriate part to sue, let alone pay.

Yeah. Those identity thieves need to be put in prison for life at our expense, but Wall Street douchebags get bailed out with our taxes and allowed to enjoy their freedoms.

Let the bullshit continue and rich investors clean up by stealing all the property and land in the last couple of years at pennies on the dollars, FUNDED BY US!!!!

Re:Belongs in Prison (1)

russotto (537200) | more than 4 years ago | (#32211498)

Yeah. Those identity thieves need to be put in prison for life at our expense, but Wall Street douchebags get bailed out with our taxes and allowed to enjoy their freedoms.

Who said anything about that? As far as I'm concerned the crooked douchbags can share a cell with the identity thieves.

Re:Belongs in Prison (1)

EdIII (1114411) | more than 4 years ago | (#32212068)

My point is that the identity thieves make off with less than $100k per person. Usually far less than that. I went through identity theft myself and my losses were really only around $1000 out of pocket to pay a law firm to hammer the f*ck out of the reporting agencies to get the bad stuff removed. Even with liberal estimates for my time and credit line loss, whatever, it had to have been less than $10,000.

What happened on Wall Street and with real estate resulted in theft and losses of property in the billions and billions. We have yet to see any reform or regulation come out of this, and those that perpetrated the outright fraud aspects of this continue to enjoy their freedoms.

I see this douchebag picked up in India as an example of blue collar crime. The real douchebags that are continuing to perform the white collar crime this very minute, doing easily hundreds of times the damage this guy did per day are effectively untouchable.

Re:Belongs in Prison (1)

mrmeval (662166) | more than 4 years ago | (#32215336)

The scumbags in the financial sector and the politicians who eat their shit share most of the blame for this. The politicians need to put the burden on the financial institution who will then have to bleed money or fix their shit.
 

Should have stayed in the Ukraine (1)

phantomcircuit (938963) | more than 4 years ago | (#32210184)

Epic fail... the Ukraine is basically the world center of Internet crime and it's because nobody ever gets caught there.

Re:Should have stayed in the Ukraine (0)

Anonymous Coward | more than 4 years ago | (#32222230)

Ukraine, not the Ukraine.

Who should have been arrested is ... (0)

Anonymous Coward | more than 4 years ago | (#32210280)

the IT depart of TJX. They ran a KNOWINGLY insecure site and continued with it even though there was prior history. Worse, when they knew that it had happened, they did nothing at first. If they are going to run windows, then they deserve to be cracked.

Re:Who should have been arrested is ... (1)

Locke2005 (849178) | more than 4 years ago | (#32210362)

No, if they are going to run an unsecured wireless network with access to customer credit card data, they deserved to be made financially responsible for all transactions made using the leaked data. I suspect being responsible for a multi-million dollar write-off might be somewhat limiting to one's career in IT.

Deplane (2, Funny)

EdtheFox (959194) | more than 4 years ago | (#32210356)

...as he deplaned from a flight...

Who uses that word?! and Is there anyone over the age of 35 that doesn't think of Hervé Villechaize [wikipedia.org] when you hear the word deplane?

Re:Deplane (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32211502)

I think it was the Indian Central Bureau of Investigation trying to sound cool using one of those English prefixes while simultaneously verbing a word. All the new kids are doing it.

Just like how I insandwiched my lunch, after devanning and unexitted my work.

Re:Deplane (0)

Anonymous Coward | more than 4 years ago | (#32213006)

Ever considered that it just might be the linguistic usage? Not everyone speaks like Americans.
Oh and before you insandwich, devan, and unexit your work, try to make sure you have correctly used "your" and "you are".
It just isn't cool.

Signed
Rest of the World.

Re:Deplane (0)

Anonymous Coward | more than 4 years ago | (#32214820)

Ha, the irony. "Deplane" is something American airlines made up and their cabin crew tell passengers this is what they're going to do when they disembark (a normal English word).

lifelock? (1)

jaryd (1702090) | more than 4 years ago | (#32211040)

Shoulda signed up...suckers!

Now if they could only arrest Canadian Pharmacy (1)

merc (115854) | more than 4 years ago | (#32211086)

According to ROKSO [spamhaus.org] the folks who run the Canadian Pharmacy run out of the Ukraine. I'd have to say they are the most annoying bastards I've ever seen, at least as far as spammers go. I'm waiting for the day when they get their come upppance. I hope I live to see it.

"identity" "theft" (1, Insightful)

FuckingNickName (1362625) | more than 4 years ago | (#32211462)

Your identity is never stolen. It's as much a misnomer as "piracy".

What usually happens is that private corporations penalise you because they've put you in some set of lame risk databases they use, and it turns out that your entries were filled against your favour as a result of the actions of someone else.

It's your own (plural, every one of you) fault for putting so much trust and reliance on the convenience of the good ol' entry in a database by which your life is made or broken.

us laws are not universal (0, Offtopic)

cluemore (1617825) | more than 4 years ago | (#32211542)

aside from the guy probably being a credit card stealing scumbag accessory ...

as a canadian i am very aware of the unhesitant inclination of americans to apply their laws the world over. black ops renditions? no problem.

consider that this guy has never set foot in the US of A, possibly accepted credit card numbers using servers entirely out of american jurisdiction. it's possible he broke no laws in his own country. As i understand it, some american collected all the credit card numbers and offered them up to this guy. so, he's like a pawnbroker knowingly accepting stolen goods, except he's like a pawnbroker in another country. Now, if I was to steal some jewelery from an american, maybe in canada, and hot foot it to nigeria to sell my loot, is the US of A going to rendition whoever I sell them to there? As far as I know, once I get out of the country - heck, maybe even if I crossed state lines, I'm clear, and the guy I sell to is clear too. Why is the credit card thing any different, legally and jurisdictionally?

The example isn't the greatest because it's pretty clearly against the law to steal jewelery in canada, america, and probably even in nigeria too. Hey, but suppose it's England, and I find some jewelery just lying there on the street, hightail to nigeria, sell it. As far as I know, in canada and america, it's finders keepers, but in england I'd be a thief.

So why does the US have any jurisdiction here? the guy never set foot on US soil. he wasn't even arrested in the US. The americans got the indians to execute their warrant. This guy probably hasn't even been served with anything, no disclosure whatsoever. Did he even know there were charges against him? He's been given the guantanamo bay judge jury executioner treatment.

Suppose the americans decide to enforce their dmca act across the world. What then? Well, I can imagine the pirate bay crew would be facing some quality time in a corner of cuba, stat.

Closer to home we've got some compassion club guy in BC gold territory who sold some seeds to americans from an online seed catalog in canada. he never set foot in the states, and it's the US post office that should be jailed for trafficking but here he is being sent to an american jail for years, and probably not one of those martha stewart comrad black country club prisons either.

Well, heck, the americans invaded afganistan on the slimmest of pretexts so what do you expect. the taliban offerred up bin laden if the americans would just present some proof he was 911 connected, but the americans got all indignant about some ragheads getting uppity and asking questions, so they invaded instead. 8 years later bin laden is still at large - but they got the oil. oh, and the poppy crop is outstanding.

off to the call center for you! (1)

cstacy (534252) | more than 4 years ago | (#32213574)

Maybe they will imprison him in Hyderabad and force him to work in a call center handling people's personal information! http://news.bbc.co.uk/2/hi/south_asia/8677486.stm [bbc.co.uk]
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?