Slashdot Mirror


Stratfor Breach Leads To Over $700k In Fraud

wiredmikey writes "It isn't often that after a data breach involving credit cards, the public is given information on the exact amount of money lost by consumers as a result. Thanks to the FBI, however, we now have a better understanding of what 60,000 stolen credit cards translates to financially, as this data was included in their investigation notes while working the Stratfor case. The last time the public had something close to actual stats from the source, we learned that the TJX breach cost Visa $68 million in 2007, two years after the TJX network was compromised by Albert Gonzalez. Yet, those were Visa's estimates. Now, in the aftermath of the Stratfor breach, the FBI has attributed $700,000 worth of charge fraud to the 60,000 credit card records taken during the network compromise. AntiSec supporters walked away with 860,160 usernames and passwords, in addition to the credit card records."


  1. So here we have the real motive by msobkow · · Score: 5, Insightful

    Money.

    Not "leaked documents" or "liberated intelligence."

    Plain old fashioned credit card fraud.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:So here we have the real motive by IamTheRealMike · · Score: 5, Informative

      No, I think the real motivation was ideological if you read the profiles of Hammond. He used the stolen numbers to donate to charity.

      The problem is, he's an idiot who doesn't understand how credit cards work. Fraudulent charges to charities actually hurt them because they get fined when chargebacks occur. So they don't get to keep the money, they lose extra money on top, and VISA/MC have a habit of disconnecting you from the credit card system entirely if they get too many chargebacks.

      It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.

    2. Re:So here we have the real motive by Man+On+Pink+Corner · · Score: 5, Interesting

      It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.

      Maybe that was Hammond's whole idea. By feeding bogus credit-card donations to controversial charities like the Church of Scientology, ACLU, NRA, or Freedom From Religion Foundation, you could effectively DoS them, as far as their ability to take Visa/MC is concerned.

    3. Re:So here we have the real motive by Anonymous Coward · · Score: 3, Insightful

      If you complete the circle here, it does come back to the consumer, via retailers who have to pay processing fees and price their goods accordingly.

      In the end, the consumer always pays.

    4. Re:So here we have the real motive by Anonymous Coward · · Score: 2, Informative

      The merchants who processed the stolen cards will be the ones bearing the cost. Stratfor will only be fined by the CC companies if they are found to have violated industry rules (PCI compliance, etc.).

    5. Re:So here we have the real motive by biodata · · Score: 4, Interesting

      So, given that the Stratfor hack was an FBI operation, is it now clear that the FBI deliberately sought to harm a number of charities through this mechanism? That doesn't sound like good use of public money.

      --
      Korma: Good
    6. Re:So here we have the real motive by Anonymous Coward · · Score: 2, Interesting

      I am confident that the NRA is not a charity. It is a political action committee.

    7. Re:So here we have the real motive by fast+turtle · · Score: 2

      Well I'll have to correct you about the NRA. It's not a Charity so calling it a controversial charity for a Political Action Organization is like Calling Superman a Wimp.

      AFAIK - Scientology does qualify under the screwy U.S. Rules as a charitable religious organization so I'll let that one slide and no, the purpose wasn't to DoS them. It was to cut off their funding or get them investigated, which for Scientology couldn't happen to a nicer bunch of people.

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    8. Re:So here we have the real motive by berashith · · Score: 2

      Given that the info is released by the organization that arranged the action (and could therefore get some big negative publicity for it), I don't think I trust the number at all.

    9. Re:So here we have the real motive by L4t3r4lu5 · · Score: 2

      I was recently the victim of card fraud. Bank stopped the transaction, but I still had to go in to the local branch to unblock my accounts. I explained that I knew how these things worked regarding small charitable donations, asked for a statement to look for other unauthorised transactions, and found none.

      I don't know if there's the option to allow the charitable donations to stand and then refuse other charges; Technically it wasn't me who made the donation, yet I'd rather not cost the charity money for the sake of £5. It wasn't their fault.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    10. Re:So here we have the real motive by sl4shd0rk · · Score: 2

      Plain old fashioned credit card fraud.

      No, it's spin. Anonymous looks like a douche and the public will buy the FBI story and never really hear about the real reasons behind the attack.

      Pilfering the coffers has never been a primary motive behind Anonymous. Grabbing CC data is a way of gaining proof and leveraging control over the place you cracked. For the FBI however, it's much easier to build a legal case against the crackers by spinning the attack into a monetary motive. What sounds better in the news? "We're charging xxxx with trespassing and criminal damage because they wanted to make a statement about the evils of Stratfor" or "We're charging xxxx with theft and $700k in credit card fraud".

      --
      Join the Slashcott! Feb 10 thru Feb 17!
    11. Re:So here we have the real motive by MobileTatsu-NJG · · Score: 2

      Well, no, they still have to respond to supply and demand. Factor in competition and... no, prices aren't going to be raised. If they could get away with it, they would have raised them anyway.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    12. Re:So here we have the real motive by tlhIngan · · Score: 2

      The problem is, he's an idiot who doesn't understand how credit cards work. Fraudulent charges to charities actually hurts them because they get fined when chargebacks occur. So they don't get to keep the money, they lose extra money on top, and VISA/MC have a habit of disconnecting you from the credit card system entirely if they get too many chargebacks.

        It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.

      I don't know if there's the option to allow the charitable donations to stand and then refuse other charges; Technically it wasn't me who made the donation, yet I'd rather not cost the charity money for the sake of £5. It wasn't their fault.

      Charities do get special consideration by Visa/MC - they often have very special deals where Visa/MC will NOT charge them transaction fees (lets Visa/MC "donate" the charges), nor other fees for accepting credit cards (most charities would probably wither off and die if they couldn't accept credit cards, so the credit card companies offer them this in exchange for tax receipts most likely).

      So monetarily, most charities will not be penalized. They will be penalized in that someone has to go over the chargeback paperwork and handle it, which means one less volunteer helping out and increased administration costs for the charity.

  2. The real losers by IamTheRealMike · · Score: 5, Informative

    What the summary doesn't make fully clear IMHO is that the cost of this fraud is not carried by VISA or the banks, but rather passed on to merchants ... who ultimately pass the cost on to anyone who uses credit cards. That is unfortunate, because it means the organizations financially incentivized to solve fraud are the ones who can't do anything about it. The organizations who can make these things more secure don't pay the price, which may explain why credit cards are still so insecure.

    1. Re:The real losers by Anonymous Coward · · Score: 4, Insightful

      Quite. And then the merchant is charged for a chargeback, so fraud is actually profitable for banks.

      Once again the free market has produced the best solution... for the rich guy.

    2. Re:The real losers by Anonymous Coward · · Score: 2, Interesting

      The cost is passed on to everyone, not just credit card users.
      Even in places where charging extra for credit card usage is allowed (India), many merchants still prefer credit cards for larger amounts since showing an ID is required, it reduces the documentation work for the retailer (large cash transactions have a lot of paperwork involved) and it's safer for the retailer since the money cannot be stolen.
      Online payments are also much more secure (though less convenient) in India as compared to the US, but don't support automatic payments.
      Look up Verified by Visa and 3D Secure.
      Safety features exist, they are just not implemented in the US since the customers there don't feel threatened by fraud due to strong consumer protection laws.

  3. Charge fraud is the new armed bank robbery by VinylRecords · · Score: 5, Interesting

    Credit card fraud is a huge illegal industry. It finances drug gangs and cartels, terrorists, small organized crime, major organized crime (mafia), and occasionally the rogue individual hacker. It's the new form of armed bank robbery. Instead of guns they use computers though.

    Of course while $700K in fraud by a few people is nothing to ignore, it is a bit ridiculous that the FBI devotes so many resources to catching these scumbags, while virtually ignoring the guys who swindle billions of dollars through stocks, insider trading, and pyramid schemes.

    1. Re:Charge fraud is the new armed bank robbery by fuzzyfuzzyfungus · · Score: 5, Interesting

      At least doubly ridiculous in this case because Stratfor was 0wned after the FBI had infiltrated lulzsec, by the FBI's mole, using (in part) FBI provided server space to disseminate the goods...

      Given lulzsec's generally loose-cannon approach, it isn't clear that the FBI had to put them up to it; but the FBI certainly did stand by and do some case building while they knowingly watched Stratfor and their customer lists burn... I'll be interested to see if that ends up being awkward for them in some way...

    2. Re:Charge fraud is the new armed bank robbery by Theophany · · Score: 5, Insightful

      The FBI "virtually ignore" them because it's the SEC's job. That's like bemoaning the LAPD because it spends no time solving homicides in NYC.

    3. Re:Charge fraud is the new armed bank robbery by nedlohs · · Score: 5, Informative

      Not quite. The FBI also investigate such cases - sometimes with the SEC, sometimes without.

      The funny thing is they've kicked it up in the last couple of years (with about 60 convictions), but the OP is too slow to notice:

      http://www.cnbc.com/id/46623058/FBI_Expands_Crackdown_on_Insider_Trading

    4. Re:Charge fraud is the new armed bank robbery by mcgrew · · Score: 3, Informative

      Credit card fraud is a huge illegal industry. It finances drug gangs and cartels

      Illegal drugs are an incredibly lucrative business and don't need to be financed by credit card fraud. Do the anti-drug zealots think we're all that stupid? "Credit card fraud finances the drug trade" is just an incredibly brain-dead thing to say and even more idiotic to believe.

  4. The roaring 20's all over again? by thesandbender · · Score: 4, Interesting

    During the Great Depression, gangsters and bank robbers were pop-icons and even cult heroes in the U.S. because they were perceived as sticking it to "the man". This is strikingly similar, we have a group of thieves trying to cast their actions as being for the "greater good".

  5. Incorrect assumptions by chrb · · Score: 4, Informative

    Not "leaked documents" or "liberated intelligence." Plain old fashioned credit card fraud.

    You have made several possibly incorrect assumptions here:

    1. That AntiSec was the only group to hack the card data
    2. That AntiSec profited from this crime, either by committing the actual credit card fraud, or selling the card data to someone who did
    3. That AntiSec is a monolithic group with a management structure that can command its minions to do/do not do/whatever with data they obtain therefore making the group responsible for the actions of an individual

  6. Albert Gonzalez by Ukab+the+Great · · Score: 2

    By day, he's a mild-mannered Attorney General. By night, he becomes an uber-hacker who compromises Visa. Coolest duality ever.

    Oh wait, we're missing an 'o' on the end. Never mind.