This story was written by Keith Dawson for the Industry Standard's Media Grok email newsletter. It is archived here for informational purposes only because The Standard's site is no more. This material is Copyright 1999-2001 by Standard Media.

THE INDUSTRY STANDARD MAGAZINE
Much Ado About Stolen Credit Cards
Jan 11 2000 12:00 AM PST



Oh boy, another juicy big-bad-hacker-steals-credit-cards story. Janet Reno must be salivating. Well, as a matter of fact, she is. Yesterday the New York Times splashed the story of the unknown but probably Eastern-European cracker who gave away thousands of credit card numbers stolen from an online CD store. Today everybody ran the story with analysis, follow-up, and the Attorney General's response.

In early December the cracker, who calls himself Maxus and claims to be Russian but probably isn't, broke into a server at CD Universe by unknown means and obtained, he says, a database of 300,000 credit cards. He tried to extort $100,000 from the company but CD Universe contacted the FBI and played for time. On Christmas Day the cracker put up a Web site from which any visitor could obtain credit card numbers, one at a time, complete with the owner's name and address. 25,000 visitors did so. The site was shut down Saturday night.

Today's coverage of the story was long on what-it-all-means. Wired News' Chris Oakes talked to security expert Peter G. Neumann, who stressed the danger of aggregating sensitive information in a database without taking more elaborate precautions than CD Universe apparently had. Oakes let the hacker who calls himself Emmanuel Goldstein put an exclamation point to this sentiment. "This story has nothing at all to do with hacking," Goldstein said. "All it proves is that private information is still being left unguarded on the Net and that people need to hold these companies accountable for not protecting their customers."

The Washington Post's AP story quoted an official from CD Universe's parent company, who denied knowledge of any instances in which the stolen credit-card numbers had been used fraudulently. But MSNBC's man dug deeper, citing a story from Sunday on APBNews.com. In that story, David Noack reported obtaining 32 credit-card numbers from Maxus' site and attempting to contact their owners. Of the 12 he contacted, two said they had seen unauthorized charges on their cards.

MSNBC's Mike Brunker found an analyst for the credit-card industry who claimed that fraud was at an all-time low. "There is no system that's ever been invented that doesn't cost more than the fraud costs to prevent it," the analyst said. Let's hope his facts are better than his syntax. - K.D.

Credit Card Blackmail
The Industry Standard

An Online Extortion Plot Results in Release of Credit Card Data
Times
[Registration required.]

Computer Security Experts Try to Track Internet Extortionist
Times
[Registration required.]

Crack Exposes Holes in the Web
Wired

Hacker Takes Credit Card Numbers
Washington Post

Extortionist Posts Credit Cards Online
MSNBC

Extortion Hack Raises Doubt of Online Security
APBnews.com

Attorneys General Eye Internet Crime
MSNBC

Reno Wants Anti-Cybercrime Network
USA Today