So... after reading the TXJ and heartland news reports and watching on HNN I have to laugh a bit.


The TXJ and Heartland break-ins were a huge topic this year and last. Over 4.2 million credit cards were exposed and sold on the black market. Numerous times these break-ins have been cited as the staple for recent PCI initiatives, funding for more cybercrimes units, and the "you dont wanna end up like this"  corporate bedtime stories.

But lets take a trip down memory lane...

Do any of you remember 2004? I know... a long time ago, but indulge me.

If you were a carder or hacker you used two means of selling your stolen PII... IRC or forums. Believe me, I was a primary identity theft researcher during this time.

Sure you did it through proxies, nicks, encryption, etc, but... all the negotiations went down through offshore forums like... Shadowcrew, cardersmarket, blackpalnet, et al. There was tons of these forums but Shadowcrew had reached a certain popularity... a critical mass of some sorts.

After some deliberations the US decided to give identity theft responsibilities the the Secret Service. In 2002 they managed to 'compromise' the security of Shadowcrew by busting one of its lead administrators. This administrator, not named by them at the time, hosted up an anonymity service to all the big-wigs on shadowcrew, an offshore VPN. Then after gathering and analyzing all that data and having complete control of shadowcrew, they finally arrested a ton of carders and hackers all across the world.

Who was this mystery admin? None other than 'cumbajhonny' aka Albert “Segvec” Gonzalez, the same man who hacked TJX and Heartland.

There's an observation and irony here:

Observation:

The secret service along with foreign governments 'released' cumbajhonny for outstanding cooperation but not until he had exhausted his usefulness to them breaking down other carding forums and big names. This went all the way to 2007 meaning he might have hacked TJX and Heartland right under their watch.

Irony:

The Shadowcrew bust was touted as the biggest cybercrime bust in the history of the WORLD at an estimate 4.1 million dollars trafficked on the site. Two years later the Heartland hack ALONE cost consumers 12.6 million...

food for thought...

After watching the HNN cast this week, and from other things I'm reading. I'm left with 2 questions.

1) Why are they required to keep peoples credit card / debit card information after transaction has been completed? After all from what I've heard, but maybe I miss understood, these were not online transactions.

2) Why am I still using my credit and debit cards for anything?