A Ukrainian national accused of helping to hack into nine US retailers and making off with data for millions of credit cards has been arrested in India, IDG News has reported. Sergey Valeryevich Storchark was arrested earlier this week in New Delhi as he deplaned from a flight from Goa, the news service said, citing a spokesman …
Let's not forget what was really wrong
TJX and its subsidiary brands retained card numbers and PINs in their insecure systems. Just who was the dimwitted marketing wonk who thought this was a good idea, the news has not said, but a stunt like this has all the earmarks of a marketing wonk thinking he could do "research" on the customer base.
First rule of organizing any business: keep the lawyers, the accountants, and the marketing wonks in cages in the basement and never ever let them initiate anything. If you need their advice, then fine, let them out into the daylight for a half hour or so, but keep their hands tied behind their backs so they can't grab the levers of authority.
Jobs, because he's a marketing wonk in some sense.
TJX and its subsidiary brands retained card numbers and PINs
PINS?!!? What possible reason would an online retailer have for collecting *_PINS_*?
I don't think so
It has all the hallmarks of a poorly-designed in-house system that has security of personal data too far down on the requirements list (or maybe it didn't even make the list).
Since the alleged criminal acts took place while the suspect was entirely within the Ukraine, I'm not surprised that extradition would be unlikely to happen. But under normal circumstances, such as if the criminal acts had taken place within the United Kingdom or Australia, wouldn't people be prosecuted for hacking into a foreign computer system right in their home countries?
Extradition normally would not even be possible in such cases, but attacking foreign countries is still a crime, because not prosecuting it could lead to a war.
Naturally, there is some awkwardness when the witnesses for the prosecution chiefly live in a foreign country. Perhaps new treaties have been signed which permit extradition in such cases, although this is contrary to the usual international practice as it obtained, say, during the eighteenth and nineteenth centuries, during which each sovereign state was essentially a self-contained legal regime.
'"His extradition and prosecution would have been very unlikely had he reached his final destination of Ukraine," Indian authorities said in a statement.'
aka "It'll be a doddle to extradite him from here, where we've got a massive revenue stream throw outsourcing from the US and so keen to keep them onside"
I don't think Indian police cares a hoot about the IT exports from the private sector. (IT exports are a small percentage of GDP for India & under a different ministry). My guess is that it is some sort of quid pro quo with US police in relation to an ongoing extradition of a terrorist (David Headley) from USA to India.
Apparently somewhat comparable to the case of Gary McKinnon
......allegedly, an Asperger's Syndrome adult who hacked into United States military computers to get secret UFO evidence. Any part of which statement may be less than strictly a true description of the circumstances. Anyway they're having him (or trying to)... do you suppose this other bloke is reading up on Asperger's currently? It may not matter: fraud is nasty. In my opinion if he's allowed out on the streets pmental-wise then he can be held accountable for his actions.