Forgot your password?
typodupeerror
Crime Security The Almighty Buck News

Stratfor Breach Leads To Over $700k In Fraud 68

Posted by Soulskill
from the send-them-a-bill dept.
wiredmikey writes "It isn't often that after a data breach involving credit cards, the public is given information on the exact amount money lost by consumers as a result. Thanks to the FBI, however, we now have a better understanding of what 60,000 stolen credit cards translates to financially, as this data was included in their investigation notes while working the Stratfor case. The last time the public had something close to actual stats from the source, we learned that the TJX breach cost Visa $68 million in 2007, two years after the TJX network was compromised by Albert Gonzalez. Yet, those were Visa's estimates. Now, in the aftermath of the Stratfor breach, the FBI has attributed $700,000 worth of charge fraud to the 60,000 credit card records taken during the network compromise. AntiSec supporters walked away with 860,160 usernames and passwords, in addition to the credit card records."
This discussion has been archived. No new comments can be posted.

Stratfor Breach Leads To Over $700k In Fraud

Comments Filter:
  • by msobkow (48369) on Monday March 12, 2012 @08:21AM (#39324845) Homepage Journal

    Money.

    Not "leaked documents" or "liberated intelligence."

    Plain old fashioned credit card fraud.

    • They averaged less than $12 per stolen card. That's not a very good 'harvest'.
      • by berashith (222128)

        Given that the info is released by the organization that arranged the action ( and could therefore get some big negative publicity for it ) , I dont think I trust the number at all.

      • If we know how many of those cards actually were used before they were all shut down I'll bet they got more that 12.00 per card.
    • by IamTheRealMike (537420) <mike@plan99.net> on Monday March 12, 2012 @08:36AM (#39324935) Homepage

      No, I think the real motivation was ideological if you read the profiles of Hammond. He used the stolen numbers to donate to charity.

      The problem is, he's an idiot who doesn't understand how credit cards work. Fraudulent charges to charities actually hurts them because they get fined when chargebacks occur. So they don't get to keep the money, they lose extra money on top, and VISA/MC have a habit of disconnecting you from the credit card system entirely if they get too many chargebacks.

      It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.

      • by Man On Pink Corner (1089867) on Monday March 12, 2012 @08:55AM (#39325079)

        It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.

        Maybe that was Hammond's whole idea. By feeding bogus credit-card donations to controversial charities like the Church of Scientology, ACLU, NRA, or Freedom From Religion Foundation, you could effectively DoS them, as far as their ability to take Visa/MC is concerned.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          I am confident that the NRA is not a charity. It is a political action committee.

        • Well I'll have to correct you about the NRA. It's not a Charity so calling it a controversial charity for a Political Action Organization is like Calling Superman a Wimp.

          AFAIK - Scientology does qualify under the screwy U.S. Rules as a charitable religious organization so I'll let that one slide and no, the purpose wasn't to DoS them. It was to cut off their funding or get them investigated, which for Scientology couldn't happen to a nicer bunch of people.

      • by biodata (1981610) on Monday March 12, 2012 @09:12AM (#39325213)
        So, given that the Stratfor hack was an FBI operation, is it now clear that the FBI deliberately sought to harm a number of charities through this mechanism? That doesn't sound like good use of public money.
      • I was recently the victim of card fraud. Bank stopped the transaction, but I still had to go in to the local branch to unblock my accounts. I explained that I knew how these things worked regarding small charitable donations, asked for a statement to look for other unauthorised transactions, and found none..

        I don't know if there's the option to allow the charitable donations to stand and then refuse other charges; Technically it wasn't me who made the donation, yet I'd rather not cost the charity money for
        • by tlhIngan (30335)

          The problem is, he's an idiot who doesn't understand how credit cards work. Fraudulent charges to charities actually hurts them because they get fined when chargebacks occur. So they don't get to keep the money, they lose extra money on top, and VISA/MC have a habit of disconnecting you from the credit card system entirely if they get too many chargebacks.

          It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.

          I don't know if there's the option t

      • by siberian (14177)

        Oh is that why AdSense nailed me for $1800?

        Charity my ass. It was fraud.

    • by Svartalf (2997)

      Don't forget that this is the TJX breakin that this is talking about- Slashdot's munging the concepts together. TJX was purely about money by crooks from start to finish.

      • by Svartalf (2997)

        Note to self... Never post before having your IV injection of caffene.

        Now, one wonders... How is it that Stratfor, a private intelligence gathering interest (They called it a "think-tank", it's not QUITE that sort of interest...), be having this sort of information within themselves. It should be noted that a lot of damning info came out of the breach recently that pretty much devastates the Democratic Party's existence and places the current Administration's existence at risk (Being caught out explicitl

        • by Anonymous Coward

          It should be noted that a lot of damning info came out of the breach recently that pretty much devastates the Democratic Party's existence and places the current Administration's existence at risk (Being caught out explicitly screwing with the Presidential and other election processes will do that for you...)

          What are you talking about? I didn't get that memo.

          • Me either. Considering the lack of trouble for Bush outright stealing two presidential elections, I wouldn't hold my breath, even if whatever the GP is frothing about is actually true.

    • by chrb (1083577) on Monday March 12, 2012 @10:18AM (#39325747)

      Not "leaked documents" or "liberated intelligence." Plain old fashioned credit card fraud.

      You have made several possibly incorrect assumptions [wikipedia.org] here:

      1. That AntiSec was the only group to hack the card data
      2. That AntiSec profited from this crime, either by committing the actual credit card fraud, or selling the card data to someone who did
      3. That AntiSec is a monolithic group with a management structure that can command its minions to do/do not do/whatever with data they obtain therefore making the group responsible for the actions of an individual

      • by gl4ss (559668)

        you wouldn't just give the cc's away and publish what you did if your main point was to acquire cc numbers for fraud.

        why is fbi releasing this data now? to make hacktivism seem like stealing, to justify why they spent a million dollars on operation takedown lulzsec(possibly more! check out how much fbi had personnel working on the case).

        in any case.. stratfor is actually responsible for the fraud committed, they kept a data cache they didn't have authority to keep, keeping a db like that goes against all cc

        • by kmcrober (194430)

          you wouldn't just give the cc's away and publish what you did if your main point was to acquire cc numbers for fraud.

          Yes I would. I would do it for two reasons:

          First, it would let me claim that I committed the crime for altruistic reasons, which would feed my ego and let me pretend to be a hero instead of a crook. Anonymous's fans don't seem to need or want a serious moral or ethical justification for the crime; they're happy with a paper-thin pretext. It helps if you keep referring to the company you hi

    • by sl4shd0rk (755837)

      Plain old fashioned credit card fraud.

      No, It's spin. Anonymous looks like a douche and the public will buy the FBI story and never really hear about the real reasons behind the attack.

      Pilfering the coffers has never been a primary motive behind Anonymous. Grabbing CC data is a way of gaining proof and leveraging control over the place you cracked. For the FBI however, It's much easier to build a legal case against the crackers by spinning the attack into a monetary motive. What sounds better in the news? "We're charging xxxx with trespassing an

  • The real losers (Score:5, Informative)

    by IamTheRealMike (537420) <mike@plan99.net> on Monday March 12, 2012 @08:24AM (#39324875) Homepage
    What the summary doesn't make fully clear IMHO is that the cost of this fraud is not carried by VISA or the banks, but rather passed on to merchants ... who ultimately pass the cost on to anyone who uses credit cards. That is unfortunate, because it means the organizations financially incentivized to solve fraud are the ones who can't do anything about it. The organizations who can make these things more secure don't pay the price, which may explain why credit cards are still so insecure.
    • Re:The real losers (Score:4, Insightful)

      by Anonymous Coward on Monday March 12, 2012 @08:29AM (#39324905)

      Quite. And then the merchant is charged for a chargeback, so fraud is actually profitable for banks.

      Once again the free market has produced the best solution... for the rich guy.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      The cost is passed on to everyone, not just credit card users
      Even in places where charging extra for credit card usage is allowed (India), many merchants still prefer Credit cards for larger amounts since showing an ID is required, reduces the documentation work for the retailer(large cash transactions have a lot of paperwork involved) and its safer for the retailer since the money cannot be stolen
      Online payments are also much more secure (though less convienient) in India as compared to US, but dont suppor

      • by Anonymous Coward
        Unless it's different in different countries, showing an ID is NOT required and in fact prohibited by the merchant agreement. If a vendor insists to see your ID when you attempt to pay with a card, you should report it to VISA.
    • ... or any of the other bankster gangsta terminology.

      Of course, you should compare and contrast that to the gargantuan amounts stolen by the banksters, sonny. Try that for a change!

    • How would they "pass the cost on" in any competitive market, since only some companies would be affected? Wouldn't the merchants' prices already be near the maximum/optimum? It would cut into their profit margins, not raise the prices.
  • by VinylRecords (1292374) on Monday March 12, 2012 @08:25AM (#39324881)

    Credit card fraud is a huge illegal industry. It finances drug gangs and cartels, terrorists, small organized crime, major organized crime (mafia), and occasionally the rogue individual hacker. It's the new form of armed bank robbery. Instead of guns they use computers though.

    Of course while $700K in fraud by a few people is nothing to ignore, it is a bit ridiculous that the FBI devotes so many resources to catching these scumbags, while virtually ignoring the guys who swindle billions of dollars through stocks, insider trading, and pyramid schemes.

  • by thesandbender (911391) on Monday March 12, 2012 @08:55AM (#39325069)
    Durring the Great Depression, gangsters and bank robbers [wikipedia.org] were pop-icons and even cult hero's in the U.S because they were perceived as sticking it to "the man". This is strikingly similar, we have a group of thieves trying to cast their actions as being for the "greater good".
  • It hasn't costed Visa that much, unless it's overhead costs.
    Merchants don't get to keep fraudulent payments, VISA gets that money back. So only costs VISA would accrue is on the "overhead" bracket.

  • It's interesting now that we know Sabu was working for the FBI. I read in several articles this past week that the FBI used Sabu to put a halt to a few hacking jobs. Since the FBI didn't put a stop to this one, shouldn't they be considered an accomplice in the Stratfor job?
  • ...to pay Stratfor for intelligence crap....you really have to think "Live by the intelligence crap, die by it...."

    Lots better than innocent people dying due to intelligence crap...

  • by Ukab the Great (87152) on Monday March 12, 2012 @12:00PM (#39326773)

    By day, he's a mild-mannered Attorney General [wikipedia.org]. By night, he becomes an uber-hacker who compromises Visa. Coolest duality ever.

    Oh wait, we're missing an 'o' on the end. Never mind.

  • The leak happened in early December, but Stratfor did not notify its subscribers until December 24th. They offered a "free" subscription to CSID indentity protection service which, when activated, notified you that Yup, your username, password, and credit card number were hacked, something you could verify for yourself on the web. So there was at least a two week lag where they knew of the breach, but did not tell anyone so as to not "compromise" the FBI investigation. They SAID they notified the cc compani

  • I use Citi Mastercard for online purchases. Citi offers a "virtual account number" feature that can be used to generate a one-time-use number for a specific purchase. I've not had anyone yet attempt to use a number a second time, but if it happens they won't be successful, or so Citi claims.

10 to the 12th power microphones = 1 Megaphone

Working...