Reuters

Boston, Aug 7: Eleven people have been indicted in Boston for stealing and selling 41 million credit and debit card numbers they obtained by hacking into the computers of nine major US retailers, the US Justice Department said.

In what the department believes is the largest hacking and identity theft case it has ever prosecuted, the stolen numbers were sold via the Internet to other criminals in the US and Eastern Europe and used to withdraw tens of thousands of dollars at a time from ATMs.

The eleven defendants include three US citizens, three from Ukraine, two from China, one from Belarus, one from Estonia and one whose place of origin is unknown, the department said in a statement. The indictment was returned Tuesday by federal grand juries in Boston, Massachusetts, and San Diego, California.

The indictment alleges that after they collected the data, the conspirators concealed the data in encrypted computer servers that the defendants controlled in Eastern Europe and the United States. From there, the stolen numbers were “cashed out” by encoding card numbers on the magnetic strips of blank cards, and then used to extract cash from ATMs, the Justice Department said.

The defendants were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channelling funds through bank accounts in Eastern Europe, it added.

“So far as we know, this is the single largest and most complex identity theft case ever charged in this country,” said US Attorney General Michael Mukasey. “While technology has made our lives much easier it has also created new vulnerabilities,” said US Attorney for the District of Massachusetts Michael Sullivan.