Posted on 12/10/2002 6:22:14 AM PST by chance33_98
Hacker Allegedly Steals 80,000 Credit Card Numbers FBI Works With Israeli Police On Case Posted: 7:54 a.m. EST December 10, 2002
JERUSALEM -- Israeli police, aided by the FBI, arrested an Israeli suspected of hacking into computers of a U.S.-based electronics company and stealing personal information, including the credit card numbers of some 80,000 customers, according to court document released Sunday.
David Sternberg, 24, of the port city of Haifa, was arrested late Friday while driving in a stolen car, police said. The FBI notified the Israelis he was wanted in 2000 and police began searching for him in 2001, according to the transcript of his detention hearing.
Sternberg allegedly broke into the computers of a large U.S. company that sells CD-ROMs and DVDs, but police refused to release the name of the company. The court document also did not mention the company's name.
"It's a company in the (United) States. The FBI had been in connection with us about this case. ... He (Sternberg) was listed as wanted for investigation," police spokesman Gil Kleiman said.
The U.S. Embassy spokesman said he had no immediate information about the case.
In more than two years of Israeli-Palestinian violence, cyberwar has become an integral part of the fighting as Israeli and Palestinian hackers attack rival Web sites and computers -- crashing, jamming and overwriting systems.
These criminals seem to have this persona that they are not hurting anyone due to the fact of high priced items that they cannot afford. They also believe the companies are not harmed.
This is not true.
I am but a small business for now with two children to support. A subsequent chargeback ended up costing my company family $300 and no one is able to help ME!
The criminal gets his products, the credit card owner is not liable and the multi-billion dollar credit card industry is not liable either. You know who is? The small business owner. The same person who pays outrageous fees just to except his customers money through credit cards every month.
Many times these criminals are overseas and prosecuting them is but an added expense which will utimately never come to pass.
I'm not sure if this is a rant or if I am warning all merchant out there to try and fight back.
Now, just as merchants must mark bills to see if they are counterfeit, merchants must check ALL transactions to make sure a 12 year old has not found this software and had $200 worth of products shipped to a vacant apartment next door.
Now, even address verification cannot be your guarantee that an order is valid.
Here is a story that shows why (also below):
The Real Victims of Fraud
By Miguel Helft
Issue Date: Mar 06 2000
Credit card fraud is the Net's dirty little secret. The victims are not consumers - they're merchants that have little or no recourse when they're stuck with the bill.
You'd think Audri and Jim Lanford would know a thing or two about online credit card fraud. Founders of Internet retailer Netrageous.com, they also publish ScamBusters, an online newsletter about Internet fraud that is read by everyone from merchants to state attorneys general. But in February 1998, Netrageous, which sells e-commerce marketing information and services, fell prey to a credit card scam by an unlikely fraudster: an employee of a ski and sports equipment shop in California.
The scam artist gathered names and credit card numbers from the ski shop patrons, then used a free e-mail service to open accounts under the names on the credit cards. Next he placed orders with Netrageous, using the stolen card numbers and billing addresses, neatly bypassing the traditional security checks put in by credit card processors. Because the billing and shipping addresses didn't match, Netrageous did further checks, in accordance with ScamBusters' own security guidelines, but when the e-mail accounts appeared to match the credit card information, the company approved the orders and shipped the items.
Soon the owners of the credit cards complained that they had never placed the orders. Stephanie Sebeck, Netrageous' VP of operations, did some detective work and pieced together how the scam went down. In conversations with the card owners she found that they all lived in California, they all enjoyed skiing and they all had shopped at the same ski shop. Sebeck says even after Netrageous pinpointed the person responsible for the scam, there was little the banks, the police or the free e-mail provider would do. The amount of the theft was not big enough for the police to get involved. And the free e-mail provider said it could do nothing without a search warrant.
It's not just small-business owners who suffer from Internet fraud. Shortly after setting up an e-commerce site in December 1998, Casio (CSIOY) discovered that some large orders of the company's most popular products - handheld computers and digital cameras - had been placed with stolen or forged credit cards. The company never recovered the merchandise and was forced to pick up the bill, says Robert Shapiro, Casio's manager of legal affairs. The company was no retailing neophyte: It operates seven stores in the U.S. and had been successfully taking catalog orders by phone and fax for years. But the experience was a rude awakening to some of the pitfalls that face merchants online.
Credit card fraud on the Internet is a serious, largely unacknowledged problem. Much has been made of threats to consumer security and vulnerability to online fraud, but the fact is that U.S. consumers face little risk: Federal law caps their liability for unauthorized charges on their cards at $50 - though this has not stopped many credit card companies from exploiting fear of fraud by promoting protection schemes that afford little, if any, extra protection.
The real risk belongs to merchants, which can find themselves - as Casio and Netrageous did - stuck with the tab, with no one to turn to for help. Merchants bear the brunt of the responsibility for fraudulent credit card transactions online. Not only can credit card companies do little to help them, the merchants say, but the firms also deny that e-commerce fraud is a problem at all.
"The lesson in all this is there is not a whole lot of protection for the merchant," says Netrageous' Sebeck. "The Internet has gotten a bad rap. It has been portrayed as a place where anyone can take your credit card numbers. The reality is, the merchants are the ones who end up eating the costs of the fraud."
"The Net's Dirty Little Secret"
Ask credit associations like Visa and MasterCard about credit card fraud on the Internet and you'll get a no-nonsense response. "There are always people trying to create the impression that there is a problem out there," says Steve Ryan, senior VP at eVisa, the credit card association's online unit. "We don't have a fraud problem."
Ryan says there's little difference in the rate of credit card fraud, whether the transaction is face-to-face, by mail order or phone order, or by online sale. "In terms of percentage of fraud they track about the same, at less 0.09 percent," Ryan says. Officials at rival MasterCard peg overall fraud rates at about 0.08 percent and will say only that the rate of fraud for Internet transactions is roughly the same as for other "non-face-to-face transactions" such as mail orders and phone orders. At American Express (AXP), officials refuse to discuss fraud rates offline or online.
But the story from many merchants and industry insiders is far different. Virtually all Internet sales involve a credit card, and retailers as diverse as consumer electronics sellers, apparel makers and operators of porn sites all say their e-commerce operations have been fallen victim to credit card fraud.
I believe one day their should be a class action lawsuit against credit card companies for allowing their consumers cards to be stolen with simple number generators. I bet if the consumer were the victim this problem would have been settled years ago. Verified by visa and Visa 3-D is still not available to my company and help in getting this software is still long in coming.
So to all merchants out there, I feel your pain in knowing that there is NO ONE out there willing to help us in a way that would be productive. So far CardCops.com has been the only refuge to find info about what hackers are doing so that you can avoid future attacks. Because, big or small, your company WILL be attacked. I have been in business for three years and only get 1000 visitors a week but I still get viruses and server attacks EVERY DAY!
I just think of how much of my time and money is wasted in fighting against these criminals and it makes me want to throw in the towel. I won't though, my son will some day take over and hopefully we can make it an exciting venture for him instead of feelings of person attacks on a daily basis simply for trying to make customers happy and build a comfortable life for you and your loved ones.
So to all hackers and criminals out there that think they are not hurting anyone:
My family has $300 less for Christmas this month and may not be able to visit Grandma in Ohio because you have no life and find it O.K. to take food, clothing and a chance for a house from my children. Merry Christmas
...end rant.
Hmm, I take credit cards here, and I wouldn't call the fees outrageous. In fact, when I added American Express to the mix, business shot UP...and people stopped asking me for references.
Maybe you need a better merchant account. I'm paying as little as 1.9% to accept plastique.
Michael
I would like you to send me the contact for that price. many times your percentage will drop if you have high volume sales. Mine is usually under $5000 in C.C. transactions a month so I pay somewhere in the range of $50 a month in processing and internet gateway fees.
My rant was more against the criminals and card companies. Not the processing fees.
You sound as if your company has not yet been harmed by fraud. Has it?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.