An Arizona man who obtained stolen credit card numbers from overseas hackers and then used the data to withdraw money from cash machines has been sentenced to 84 months in prison.
Jacob Vincent Green-Bressler, 21, of Tucson was one of 16 people indicted in 2005 for their connection to an identity theft ring in which the defendants purchased about 4,500 credit card numbers and corresponding personal identification numbers (PINs) through internet chat rooms, the U.S. Attorney’s Office said. The accused used software to "format and encode" the stolen track data to create counterfeit cards that netted them hundreds of thousands of dollars.
Green-Bressler pleaded guilty in March to aggravated identity theft and conspiracy to commit offenses against the United States, both felonies.
Avivah Litan, a Gartner analyst, told SCMagazine.com today that the bust proves companies still are unnecessarily storing account information that is attractive to cybercrooks. The stolen data included algorithms to decode PINs and other account data, such as expiration dates, passwords and Social Security numbers.
"PINs and full track data are really the pot of gold for the crooks because they can turn that into cash," she said.
Green-Bressler and the other defendants used the bogus cards they created to steal hundreds of thousands of dollars from ATMs. They wired back about half of the proceeds – roughly $300,000 – to the suppliers, who were based in some 20 countries, including Vietnam, Pakistan, Jordan, Egypt, the Philippines, Macedonia, Romania, Estonia, Lebanon, Mexico, France and the United Kingdom.
Litan said it is likely scams such as this one continue to persist as U.S. law enforcment has been unable to bring down the ring leaders because of jurisdictional clashes, particularly in nations such as the Ukraine.
"They’re stopping the bleeding temporarily, but they’re not getting to the heart of the problem," she said. "Those forums [where data is bought and sold] are located in uncooperative countries as well. They’re in bed with each other."
Litan said law enforcement sources have told her the TJX breach — in which 45.7 million credit card numbers were compromised — originated in the Ukraine by the same criminal gang that was responsible for the CardSystems and Polo Ralph Lauren breaches.
"They know who it is, but they just can’t get to them," Litan said of U.S. authorities.
Click here to email reporter Dan Kaplan.