Massive online credit card fraud
Published: 13 Dec 2000 10:20 GMT
Creditcards.com was the victim of an extortion attempt by a cyberthief accused of hacking into its site and exposing more than 55,000 credit card numbers, the company said Tuesday.
The company is working with the FBI on the case, said Laurent Jean, a spokesman for Los Angeles-based Creditcards.com.
"It was an act of retribution," Jean said. "He was angry with us and this was the way he took out his anger. After [he asked] us for money, we did everything we could to prevent him from entering our system."
The suspect was thought to have hacked into the site and exposed the numbers on the Internet sometime Monday, Jean said. Online merchants who used CreditCards.com were notified by the cyberthief on Monday night. The credit card numbers were still up on the Web early Tuesday.
California resident Les Kelly, a photographer and Web site developer, received the notification on Monday evening. Kelly almost deleted the e-mail along with the rest of his spam, but instead read it and immediately checked out the claims, he said.
Kelly found neither of his credit card numbers had been stolen. "I have a merchant account for one of my Web sites. There is a possibility that it uses CreditCards.com as a clearinghouse and that is why I was contacted," said Kelly, who described himself as an "average 60-year-old guy -- not a wizard with computers."
The cyberthief forged an email address -- chad@microsoft.com, apparently in reference to the current election woes -- and railed against e-commerce companies and a lack of privacy for which, ironically, the hacker is partially responsible.
"Till [sic] no completely secure way of transferring the confidential information [is] invented, the number one priority for each and every online company is to secure transaction and to hide information about their clients," wrote the cyberthief, who claimed to be part of a group calling themselves the "L33chWareZ haCkInG GrOUp".
Matt McLaughlin, spokesman for the FBI's Los Angeles field office, confirmed that agents from the bureau's "Cyber Squad" are looking into the case.
Privately held Creditcards.com is a business-to-business site that works with Web merchants so they can accept credit card payments. According to the company's Web site, its customers include software maker iKnowledge and health site Premier Solutions.
The year has seen several high-profile security breaches at e-commerce sites. In September, human error caused a glitch that allowed a hacker to copy the credit card information of about 15,700 customers from Western Union's Web site. Hackers broke into CD Universe's database in January and posted links to thousands of customer names, addresses, and credit card numbers after being unable to extort money from the online music store.
Though studies have shown that hacker attacks have caused some consumers to shy away from online shopping, hacking is much more of a threat to companies, IDC analyst Charles Cology said. "It's a pain for the credit card companies who must cancel thousands of cards and potentially reimburse bogus charges," Cology said. However, for the individual cardholder, the breach is a mere nuisance, he said.
Security breaches like the one at Creditcards.com are an indication of where the real security problems are, Cology said. That is in companies' back-end databases. While there is a certain risk that credit cards sent over the Internet can be intercepted, databases contain huge amounts of personal information that comes from all types of transactions, not just from consumer Internet purchases, he said.
Robert Lemos contributed to this report.





