The international hacker who confessed to stealing tens of millions of payment card numbers amassed a fortune worth more than $2.7m, including more than $1m in cash buried in his backyard in Miami. Albert "Segvec" Gonzalez agreed to forfeit the ill-gotten booty in a guilty plea that was formally entered in federal court in …
35 years in prison should do the trick
Cut the perp some slack and give him 35 years in prison plus a $50 billion fine. Keep him in prison until he pays up.
If credit card companies used proven cryptography methods then stolen credit card numbers wouldn't be a problem.
The idea that credit card "security" lies in a 16 digit number and a hard to guess date is stupid, but the fact that these IDs can then be used in an infinite number of replay attacks is insane.
RSA security keychains have been around forever, and although they aren't the cure-all, at least they would stop replay attacks. Honest to god I hope Nokia kicks the shit out of the PCI with their new payment system.
What's the point of burying money if you're going to crack under pressure and reveal where it is?
Really good solutions have existed for so long it's embarrassing.
If the banks are really that afraid of losing customers to change, then they should at least let those of us who care use a secure payment system, and let all the other fools continue to use their 16 + 3 digits.
What a filthy little gold digger!
If he was a Brit...
...He could have invested the money in the government & made a £50,000 profit by now, even in the recession!
"What's the point of burying money if you're going to crack under pressure and reveal where it is?"
Who's to say that's all his liquid cash? Or even most? Or even a significant portion? If you are planning for a contingency where you know you're going to end up talking until they're satisfied, why not have a sacrificial anode handy?
I get the part about Visa numbers in unencrypted files, on hackable servers, on unsecured wireless links. What I don't get is how these guys use that information to get cash from ATMs. Of course if you know how to do it, we don't want you to post it here. But I'm really curious. Is the ATM system really that weak?
He's a criminal
But he's just exploiting poorly designed systems that make this possible.
They should be using these guys as consultants to make things more secure.
@ jim45. Et. Al. Don't get 'merkan bank security.
I have a seven-digit number - my customer number, which is only known to me and the bank - never written down, plus a card of 4-digit numbers always kept in a secret, hidden place <strikeout>under my mattress</strikeout> which I use for each transaction in sequence, then cross out*. THEN, I need another 4-digit number, on the same card to confirm the transaction.
If I enter, say, one number out of sequence, I'm prompted twice more for the correct number - but only if it's no more than two adrift on the card. If I fail again, take passport/driving licence to bank, wait 3 days for new codes to arrive. By registered mail, for which I have to present valid photo-ID again at post office to collect.
*Actually, I don't cross them off. I memorise the index number of the last 4-digit number I used. Safer that way.
Checks/Cheques? Bank teller looks at them, and when finished laughing sends to the local antique store to be valued.
If I were this twa*t, and buried a million Finmarks, I'd get nowt, 'cos the period for exchanging them for €'s has expired. Bit like burying 2 million 10 shilling notes, I guess, doing a Ronnie Biggs, then trying to cash-the-stash. Apart from getting queer looks from the tellers - who haven't seen a ten-bob note, the Rozzers would be down faster than if someone had shouted 'Litter-dropper!!!'
Wow, this guy's a serious brand whore. BMW, Tiffany, Rolex, Glock... he just has to have the name brand versions! Maybe if he was a little more thrifty, he could have stolen less money, maintained a lower profile, maybe stayed out of jail for longer. Or indefinitely. Makes me want to start a life of crime just to show people how it's done.
[*] Well, actually a Glock 27 is a pretty good value, and it doesn't really pay to cheap out on firearms...but to point that out would totally ruin the flow.
(Paris, because I said "brand whoring". Heh heh.)
It's no secret, it's a man in the middle attack. If you can get in a position where you can read the (unencrypted?) transmission of the card number and the PIN to the merchant for verification, you've got what you need...it's the people who introduced a wireless network into this equation that need shooting.
"So you say the million $ is buried in the front yard?"
"Yeah... NO! THE BACKYARD!! I said the backyard! There is nothing in the front yard. Nothing! Don't dig there! Please, please please oh please don't dig there..."
@ jim 45
"Of course if you know how to do it, we don't want you to post it here."
Oh. Yes. <Ahem> That's right, we don't.
"anonymous internet-based currencies" - what's wrong with the pound, dollar and Euro then?
Money talks, money talks
Dirty cash I want you, Dirty cash I need you.
...buried in the yard.
Didn't trust banks, then...?
Reasonable enough under the circumstances, I suppose.
Sacrificial anode? Yeah, one attached to his privates and the cathode somewhere else. Apply power. He lights up like a CFL.
Sure, if you can get the PIN you're in. But I can't remember the last time a merchant asked me for my PIN when I paid by CC. I am pretty sure that B & N and other big chains mentioned in this article are not collecting PINs. So what am I missing in this picture?