675k Stolen Credit Cards = Ten Years In Jail

← Back to Stories (view on slashdot.org)

675k Stolen Credit Cards = Ten Years In Jail

Posted by timothy on Sunday July 24, 2011 @09:52AM from the probably-three-and-parole-actually dept.

wiredmikey writes "A hacker who had been found with more than 675,000 stolen credit card numbers that reportedly led to losses totaling more than $36 million, was sentenced on Friday to 120 months in prison. After pleading guilty on April 21, 2011, Rogelio Hackett Jr., 25, of Lithonia, Georgia, was slapped with a maximum prison sentence and ordered to pay a $100,000 fine. According to court documents, U.S. Secret Service special agents executing a search warrant in 2009 at Hackett's home found more than 675,000 stolen credit card numbers and related information in his computers and email accounts. Hackett admitted in a court filing that since at least 2002, he has been trafficking in credit card information he obtained either by hacking into business computer networks and downloading credit card databases, or purchasing the information from others using the Internet through various carding forums."

39 of 204 comments (clear)

Min score:

Reason:

Sort:

Sounds about right. by Kenja · 2011-07-24 09:56 · Score: 4, Insightful

Is this suposed to be controversial or something? Seems a reasonable sentence for the crime, neither inflated or too short.

--

"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
1. Re:Sounds about right. by Oxford_Comma_Lover · 2011-07-24 10:03 · Score: 4, Insightful
  
  That's up to 675,000 people he's hurt, so he gets less than two years per hundred thousand people.
  On the one hand, that seems really freaking low. On the other, more time won't necessarily help anyone--it won't make him less likely to commit crimes in the future, and the deterrent effect probably isn't great.
  Also, there were people at Nuremberg who got ten years, so going much higher than that would be comparatively high by that standard.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
2. Re:Sounds about right. by sjames · 2011-07-24 10:20 · Score: 4, Insightful
  
  More properly, he hurt a few banks which insist on a system with virtually no security whatsoever. They then passed the hurt on to up to 675,000 people rather than fixing the problem.
  That certainly doesn't make him less guilty, it just makes him the only one who's going to pay for it.
3. Re:Sounds about right. by veganboyjosh · 2011-07-24 10:29 · Score: 3, Insightful
  
  Not been the victim of id theft/fraud much?
4. Re:Sounds about right. by erroneus · 2011-07-24 10:40 · Score: 2
  
  You are not paying attention to who is victimizing who. You do not control information about you and you cannot control information about you. Information about you is traded and shared commercially all over the world. Our credit systems rely on the belief that information about you is a secret. Do you see a problem with this yet?
  Okay, so now, when people come to you to pay bills you don't owe, it is the SYSTEM that is victimizing you, not the fraudsters who took advantage of a horrible system.
5. Re:Sounds about right. by Anonymous Coward · 2011-07-24 10:41 · Score: 2, Interesting
  
  No fucking way. I'd say he deserves at least two years per $1M. Just kill him now.
  You're likely a troll, but I'll bite anyway:
  Really? This guy is playing the same game called Capitalism that everyone else is playing. Megacorporations, oil companies, banks, etc., get away with theft (and much worse) on scales that are orders of magnitude greater, affecting much more people and in more extreme ways.
  They'll never spend a day in any kind of prison. With that in perspective, the sentence this guy is getting is unjustly harsh.
6. Re:Sounds about right. by wickerprints · 2011-07-24 10:41 · Score: 2
  
  This is wrong. It actually not only hurts those who had their card data stolen, but it also hurts everyone who has a credit card, or who needs to secure a line of credit, because the cost to insure against losses due to fraud are eventually passed on to the borrower in the form of higher interest rates, higher fees, or more restrictive lending practices. That money isn't just eaten by the companies--you would be delusional to think that for one second.
  The sentence is too light, not in terms of the jail term, but the fine. The only real meaningful form of punishment these days is not locking someone up physically, but financially. Turn him into an indentured servant, work him to the bone, and let him die penniless and in squalor. That would be justice.
7. Re:Sounds about right. by Opportunist · 2011-07-24 10:43 · Score: 2, Insightful
  
  You're right. Let's round up the CEOs.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
8. Re:Sounds about right. by hedwards · 2011-07-24 10:50 · Score: 4, Insightful
  
  He didn't hurt the banks. The banks will pass the loss on to the clients in the form of higher rates. Which is unfortunate because as long as banks can just buy their way out for cheap they aren't likely to invest in the kinds of security necessary to make things more challenging for crooks.
9. Re:Sounds about right. by icebike · 2011-07-24 10:50 · Score: 5, Insightful
  
  No, nothing about the credit card system relies on the belief that the information about you is a secret.
  With all due respect to your anti-credit card mentality, most of us get them for convenience, not to remain anonymous or secretive.
  We are not victimized by the people we do business with via our cards. We enter into those agreements with full knowledge
  that we expect X amount of money to be charged against our card, and we receive X amount of goods or services. We are all adult enough
  to realize there is and audit trail and some other uses (fully explained in the TOS) may be made of the information. We are adult enough to realize
  no one will do all of this for free.
  I absolutely REFUSE to let you EXCUSE the theft of 675 thousand credit card data and 37 million dollars of fraud based on your silly
  objection to the TOS that you knew going in.
  The system without the fraudsters does not victimize me.
  The fraudsters victimize me.
  No amount of windmill tilting on your part can change that.
  
  --
  Sig Battery depleted. Reverting to safe mode.
10. Re:Sounds about right. by icebike · 2011-07-24 10:56 · Score: 2
  
  Where did you get the banks involved in this?
  He obtained either by hacking into business computer networks and downloading credit card databases. (If you won't read the article at least read the summary).
  The banks, while vulnerable enough, are the least of the problem. The corner grocery, the power company, newspaper, ebay, and any other place from which you routinely purchase are the ones with lax security.
  And while its fun to rail at banks, remember that the US DOD was hacked by a bunch of kids. The problem of internet security goes much deeper than your hatred of banks.
  
  --
  Sig Battery depleted. Reverting to safe mode.
11. Re:Sounds about right. by Anonymous Coward · 2011-07-24 10:59 · Score: 4, Insightful
  
  This is one of the dumbest posts I've ever read on the internet.
  1. You're not some messiah for not having a credit card, contrary to your belief. Your failure to manage your money with a credit card is damning evidence of why nobody should bother listening to you on topics related to money. There is not a dichotomy of "has a credit card and makes stupid purchases" versus "does not have a credit card and makes good purchases". Your inability to separate yourself from those in the first category is your own fault, not the card's fault.
  2. I frequently make purchases in the $XXXX range. I'm not carrying around a checkbook or that much cash. In the case of a mugging? I call my CC company, they willingly set up no-expense-paid monitoring on my SSN for a year, and then they send me a new number. In the case of cash/checkbook? I'm royally fucked.
  3. I don't know who or what David Ramsey is, nor do I care what some radio financial evangelist thinks. If he is truly a "multi millionaire" like you claim, there's a good reason he doesn't need a credit score - whatever he's buying, he can probably afford. The rest of us? Not so lucky.
12. Re:Sounds about right. by Anonymous Coward · 2011-07-24 11:13 · Score: 2, Insightful
  
  It's not that serious. If you have an issue with cancelling your credit card, informing a few companies of the change, and filling out a short form to recover your money you have bigger issues than this man. People need to relax.
  Multiply that by 675000 times. If it takes you 10 minutes on the phone to the credit card company, and 10-20 minutes to each biller (estimated on the low side - chances are you'll probably be on hold for 30 minutes or more). On average say you have a minimum of 2 direct debits (utilities, phone/internet - not counting rent, etc.), that's at least 30 minutes - which 675000 man hours wasted (30 minutes for you, 30 minutes for the person answering a call).
  Not to mention all the police and fraud squad involvement.
  675000 / 24 / 365 = 77.05 years.
  Hey - maybe he shouldn't be put in jail and given a medal, for all the work he's created.
13. Re:Sounds about right. by The1stImmortal · 2011-07-24 11:14 · Score: 2
  
  To put it in context, that's 7 minutes, 47.52 seconds in prison per card number, or about 8.8 seconds per dollar in losses.
  At that rate it's positively profitable to steal card numbers!
14. Re:Sounds about right. by wickerprints · 2011-07-24 11:43 · Score: 5, Informative
  
  You clearly don't understand the nature of credit and its importance in American economics.
  The implication in your simplistic view of credit is that it is a mechanism by which one borrows what they cannot afford to pay in full immediately. This is only sometimes true. However, in many cases, credit is used as a method of protecting oneself from risk. Only fools and old grandmothers who stash money under their mattresses think that credit is intrinsically bad. If I pay for something with a card, my creditor provides additional protections in case what I bought is not as advertised, or if there is some other dispute with the merchant. If I paid cash, I have no such protection.
  Building a positive credit history is also essential for other purposes, such as renting a property, or securing employment in some sectors. Whether you agree with the practice or not, there is an increasing trend toward using credit history as a measure of financial and social responsibility. Lack of such a history is not considered an advantage--quite the opposite. If you are one of the lucky few who can get through life without having to establish your reputation through such means, then that's great, but that doesn't give you the right to be condescending toward the vast, vast majority of individuals who work hard and manage their credit wisely.
  Credit is like food. You can use it in moderation. Excessive use may be an indication of addiction. Trying to avoid it is an illness unto itself.
15. Re:Sounds about right. by icebike · 2011-07-24 12:34 · Score: 2
  
  The majority of credit cards stolen are not from terminal swipes, but rather on-line purchases, especially repetitive on-line purchases
  such as routine bill payment where the merchant needs to retain the card info for subsequent billings. (Gas, electricity, news paper, web purchases, etc).
  Cartographic signing at a pos terminal is not an option. Further POS sales generally go directly to the payments processor and never even need stop at the mom-and-pop grocer.
  The number is not both ID and authentication. (As I suspect you well know).
  In addition you need a couple other data elements.
  The unfortunate thing is these are all on the card itself.
  But this theft did not involve the card itself. It involved data files from corporate computers.
  Short of a merchant specific CC numbers, (which are available from some credit card companies) there is no way
  to allow repetitive payments without retention of card data by the merchant.
  This system evolved. It was never designed with the availability of all the protections you imagine.
  There are literally millions of POS terminals in any given state, and probably billions world wide. Its nice to imagine them all being updated to the latest technology over night, but even if you could bear the cost of doing so you are still left with a mix of old and new for 10 or 20 years.
  People (probably you) rail against NFC which has the real potential to solve the POS problem.
  But nobody has wet solved the Credit Card on File problem that ever on-line-retailer has to deal with.
  
  --
  Sig Battery depleted. Reverting to safe mode.
16. Re:Sounds about right. by icebike · 2011-07-24 12:41 · Score: 4, Informative
  
  The victim here are the credit card companies themselves. The merchant still gets paid from what I understand, and the credit card company has to eat it. Hence, they are the victims, not you.
  Are you Daft?
  Credit card companies charge back fraudulent sales to the merchant. They eat little or nothing themselves.
  The merchants eat it.
  The card holder is still on the hook for $50 or so. More if they delay reporting the loss.
  Further, the cost of goods goes up for everyone due to merchants having to eat the loss of the Color TV purchased with a fraudulent card for which they are charged-back.
  
  --
  Sig Battery depleted. Reverting to safe mode.
17. Re:Sounds about right. by izomiac · 2011-07-24 15:00 · Score: 2
  
  ($36,000,000 - $100,000) / 10 years = $3.59 Million per year
  $3,590,000 / (365.25 * 24) = $409 per hour
  
  So, how many people would like a job that paid $409/hour and got paid up-front? Now, surely any ill-gained assets were seized, but still, the probability of being caught is low enough for this to make perfect economic sense.
18. Re:Sounds about right. by sg_oneill · 2011-07-24 16:42 · Score: 3, Informative
  
  Fun fact. The elderly pensioner who lived next door to me is now homeless after being credit card frauded over the internet. He was an old , not particularly literate, old man.
  The company who got broken into didn't do this to him , the thief did.
  Stick all the abstractions you like up your own arse and light it on fire for all I can care. The buck stops at a respectable but aged 70 year old man who last I checked is living in a squat with junkies because some punk thought it would be clever to empty his meagre pension and thus make him unable to pay his boarding house rent. Thats the bottom line.
  
  --
  Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
19. Re:Sounds about right. by sjames · 2011-07-24 17:38 · Score: 2
  
  That doesn't exactly put me in the clear. I am still subject to "identity theft". That is, a bank allows itself to be defrauded of a fair bit of credit and comes after me for it without a single shred of proof that I agreed to anything. Because of their contract terms with retailers, I still get to subsidize the percentage they take for credit transactions even when I pay cash (they forbid the merchant from passing the credit transaction cost to the patron, so they have to hike the price for everyone to cover it).
  I also get to pay more because the banks charge the fraudulent transactions back to the merchant who then has to raise prices for everyone to cover the excess breakage. It's not like I get to opt out of that surcharge by paying cash. If the bank had to eat the damage and pass the costs ONLY to people who opt to use the credit card, that would be fine, but it would look a bit less like credit cards are as good as cash then. It's a classic case of privatized profits coupled with socialized losses.
  Further, there is nothing less convenient about having a smart card sign the transaction. To the customer, it would look a lot like using an ATM or credit card at a gas pump. It could even be managed by a near field tap the pad with your card system.
  A more security conscious user might set the card to mandatory pin entry using a device in their wallet. In the near future, they would just load the "card" into their phone and enter the PIN before tapping the pad with their phone.
20. Re:Sounds about right. by erroneus · 2011-07-24 21:45 · Score: 2
  
  Credit is not food. Credit is drugs. Use drugs in moderation. Excessive use may be an indication of addiction. No need to repeat the last statement.
  One does not have to prove one is worthy of being given food by borrowing increasing amounts of food only to return it later.
  That is the simplicity of this game. People spend money and then they pay it back.. eventually, maybe, at some point in time. Even if EVERYONE pays their debts without exception, why doesn't it simply make more sense to save first, spend later to skip this middle-man which rewards his users with an approval score of worthiness? I have never paid interest on my savings.
  And this bleed over of the credit system into other aspects of life was predicted when this system was being assembled and was fought tooth and nail. Thanks to the credit system as it is now, when people lose their jobs through no fault of their own (as we have seen lately) and have been relying on being spoonfed a diet of credit, there is no place but disaster for those people to go. Worse, it now interferes with their ability to recover through employment, eligibility for housing or other essentials for survival. So even people who play the game properly and by the rules of best practice make themselves needlessly vulnerable to this system.
  (I just love the responses from those who say "I always pay the balance" etc, etc. Really? You have never found yourself in a difficult situation? And you can never imagine that happening in the future? It is precisely because I have found myself in difficult situations after living under "best practices managing credit" that I realized I was paying someone else to use my own money.)
  It is very possible to continue to enjoy the electronic freedoms everyone else has. Keep your money in the bank. Use debit cards instead of credit cards. Maintain a safe-gambler's amount of money in the account associated with the debit card. (Safe-gamblers never bet more money than they can afford to lose.) Save first, spend later. Why is "spend now, pay later" better?
21. Re:Sounds about right. by N1AK · 2011-07-24 22:54 · Score: 2
  
  So your point is that because you have sufficient assets and low enough demands to be able to afford what you want without long/short term credit, anyone who doesn't fit that model isn't managing their money well? That sounds pretty self-absorbed to me.
  
  The only credit I have ever had is a student loan (in the UK where they're basically a no brainer due to interest rate) and now have a 50% mortgage which I'll have paid off by 30. I don't need credit at the moment, but I'm not naive enough to think that means anyone who uses it it isn't managing their money. If my car was to die tomorrow I'd take a short-term loan to buy a new one. I don't have to, but I don't have the ~£10k I'd want to spend available in cash reserves as I used most of it on the house. I could try and get by without a car, buy a cheaper car I don't want or hire, but I don't believe they are the better option. I could have continued to rent, rather than buy, to ensure I had sufficient cash reserves, but then I'd be paying more in rent to avoid a more cost effective solution based on using credit to cover a risk.
  
  Yes, lots of people live beyond their means and use credit to do it. Plenty of people use credit responsibly, in exactly the same way that many companies do.
22. Re:Sounds about right. by hairyfeet · 2011-07-24 23:35 · Score: 2
  
  Ya know I think the sentence would be fair if he did the right kind of time instead of just sitting in a cell for his time. Here in AR we have what is called "The Hoe Squad" where they drag your ass out of bed at dawn and you work your damned ass off until sundown in the fields earning your keep.
  I've seen video footage on one of those "world's wildest" where a guy drove a car that was on fire with a wheel gone flying low, nearly flipping who knows how many times, just so he could cross the TN border to keep from going back to the hoe squad.
  So he caused 675,000 people to have to deal with the royal bitch that is trying to get your credit straightened out from the big three, which anyone who has had to deal with ID theft knows what a nightmare dealing with those bunches is, well his 7 years before parole served on the hoe squad sounds fair to me. If we did the same to those malware writers maybe they'd think twice instead of using it as a stepping stone to get a cushy job for a security firm after their slap on the wrist.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
23. Re:Sounds about right. by bill_mcgonigle · 2011-07-25 01:21 · Score: 2
  
  But this theft did not involve the card itself. It involved data files from corporate computers.
  Short of a merchant specific CC numbers, (which are available from some credit card companies) there is no way to allow repetitive payments without retention of card data by the merchant.
  Not just repetitive payments, but refund processing as well. There is some hope - some payment processors are handling the online payments directly and giving the merchants API's to do some secure payments. Look up 'tokenization'.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
24. Re:Sounds about right. by mjwx · 2011-07-25 02:43 · Score: 2
  
  I get 1% cashback on my purchases, have to pay $25 / year for the credit card, but I put recurring bills totallying well over $2500 per month on the credit card,
  
  Each CC transaciton attracts a higher fee paid by the merchant (that's who you're paying) to be paid to the bank. This can be as high as 3%. The cost of this is passed back on to you, the customer in the form of higher prices. The net effect is to increase the cost of whatever you're trying to purchase without increasing revenue to the company you're purchasing from.
  
  Please dont tell me that you're naive enough to think the bank was giving you free money, they paid you back out of the % the bank got from the merchant.
  
  Paying by direct debit or bank transfer does not attract such high fees.
  
  but I just can't comprehend that sort of lack of self-control.
  Oh, so that's why credit card debt is spiralling out of control.
  
  Credit has its uses, as I said for investments that are expected to grow over time, but it's positively idiotic to use credit for consumption.
  
  Also, if you must know, I have a credit card and a gold debit card with banks in Oz. The CC is basically collecting dust as the gold card has far lower fees and charges. I've used in once in the last year to buy flights.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
Not nearly enough time by icebike · 2011-07-24 09:56 · Score: 3, Insightful

Ten years means he will probably enjoy the fruits of his labor at 35, when he retires with some of that 36 million (or the other multi-millions the feds never found) that he squirreled away off shore.

--
Sig Battery depleted. Reverting to safe mode.
1. Re:Not nearly enough time by Oxford_Comma_Lover · 2011-07-24 10:04 · Score: 2
  
  Leading to losses totalling 36 million does not mean that he personally stole 36 million. He may have just had a commission--at that quantity, he sounds like a wholesaler.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
2. Re:Not nearly enough time by hansraj · 2011-07-24 10:05 · Score: 4, Insightful
  
  Losses incurred probably include things like time lost in canceling a card and issuing new one. The wordings of TFA don't make it clear whether he used all those cards or he just sold it to other criminals, so I have no idea how much this guy directly made.
Rogelio Hackett by russ1337 · 2011-07-24 10:10 · Score: 4, Interesting

The Mr Hackett was destined to become a hacker...

....researchers have found that people named Dennis are more likely to become dentists. An article, “Why Susie Sells Seashells by the Seashore,” finds that in the U.S. population the names Jerry, Dennis, and Walter rank 39th, 40th, and 41st among male first names. But in the national directory of the American Dental Association there are close to twice as many Dennises (482) as Walters (252) and Jerrys (270). “Similarly, people whose names begin with ‘Geo’ (e.g., George, Geoffrey) are disproportionately likely to do research in the geosciences (e.g., geology).”
http://www.freakonomics.com/2009/04/24/yes-part-ii/
1. Re:Rogelio Hackett by Stellian · 2011-07-24 20:35 · Score: 2
  
  What if the name Dennis was fashionable among the upper-middle class during the years the current generation of dentist was born, leading to a significantly higher propensity for a high-investment, high-income career for the children ?
  The guys of Freakonomics explained how children names become fashionable among the upper classes, and are then emulated by the lower classes; the upper classes then move to new names as the old names become mundane. Slutty names like Bambi and Brandy were at one point all the rage. Incidentally, they point to a study where identical CVs get 50% less callbacks when they belong to people named Tyrone and Lakisha.
2. Re:Rogelio Hackett by Oligonicella · 2011-07-25 03:13 · Score: 2
  
  The doctor who set my broken arm when I was thirteen was Dr. Bonebreaker. Shit you not.
about that fine, by nimbius · 2011-07-24 10:14 · Score: 5, Funny

do you accept visa or mastercard? ;)

--
Good people go to bed earlier.
I never get why these people stick around by nzac · 2011-07-24 10:16 · Score: 2

Could he not have stoped at say 15M and taken an indefinite vacation to a non extradition country.
Re:He's not going to white-collar resort prison... by artor3 · 2011-07-24 11:02 · Score: 2

It's a line from a movie. One that virtually everyone on this site has seen. It doesn't mean people are pro-rape. The occasional scumbag might be, but if you judge an entire country based on them, you're going to find that every country fails your standards.
How does this sit with the RIAA sentances by Fluffeh · 2011-07-24 11:05 · Score: 5, Interesting

Given that 675,000 credit cards is a ten year prison sentence, I do wonder what the same sentence would have been if it was 675,000 tracks he downloaded - and if the two of these sentences are therefore proof that the law is tilted towards a specific type of industry?

--
Moved to http://soylentnews.org/. You are invited to join us too!
Re:So a day in jail... by Zero__Kelvin · 2011-07-24 11:35 · Score: 2

"I'd take my chances in federal prison for 10k a day."
Sure, on the first day. By the second day, you would offer to give them the 10k back with 100% interest in order to be released, I promise you.

--
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
sentencing guidelines by NynexNinja · 2011-07-24 14:32 · Score: 3, Interesting

The sentencing guidelines have been changed several times over the last 20-30 years regarding the penalties for this type of offence. In the 1980's or 1990's, had this guy been sentenced, he would likely be facing probation or at most a few months in jail, depending on his prior history. These days, they really throw the book at these people and the sentences are on par with murderers and other violent felonies. This man was born about 10 years too late, and was about 10 years older than he should have been when he committed these crimes. Also, I highly doubt the inflated numbers involved in the theft of the credit card data. The credit card companies have been known to dramatically inflate these losses, and then if you ask them for any sort of documentation proving any of it, the real numbers are somewhere around 1% of the original amount they specified. They probably claim this as a deduction on their taxes.
Re:Hung for a lamb, hung for a sheep by Dainsanefh · 2011-07-24 15:16 · Score: 2

That's why anarchy is the preferred political system of the new millennium.

--
Twitter: @dainsanefh
Re:Credit Card vs Debit Card: Big Differences by jonamous++ · 2011-07-24 23:34 · Score: 2

This is not true, actually. Regulation E covers both credit and debit cards. If you report the fraud within two days of discovering the fraudulent activity, you can be liable for up to $50 (some banks, like mine, offer zero liability). If you wait longer, you could be liable for up to $500. The big difference is that a credit card charge is typically reversed during the Regulation E claim investigation, while a debit card transaction is left there during the investigation. Many banks will give you a provisional credit during the investigation (debit card) but I do not believe they are obligated to do so. Investigations can take a while, so if your money is tied up due to a Reg-E claim, you could be screwed.