Forgot your password?
typodupeerror
Security Crime The Courts

675k Stolen Credit Cards = Ten Years In Jail 204

Posted by timothy
from the probably-three-and-parole-actually dept.
wiredmikey writes "A hacker who had been found with more than 675,000 stolen credit card numbers that reportedly led to losses totaling more than $36 million, was sentenced on Friday to 120 months in prison. After pleading guilty on April 21, 2011, Rogelio Hackett Jr., 25, of Lithonia, Georgia, was slapped with a maximum prison sentence and ordered to pay a $100,000 fine. According to court documents, U.S. Secret Service special agents executing a search warrant in 2009 at Hackett's home found more than 675,000 stolen credit card numbers and related information in his computers and email accounts. Hackett admitted in a court filing that since at least 2002, he has been trafficking in credit card information he obtained either by hacking into business computer networks and downloading credit card databases, or purchasing the information from others using the Internet through various carding forums."
This discussion has been archived. No new comments can be posted.

675k Stolen Credit Cards = Ten Years In Jail

Comments Filter:
  • by Kenja (541830) on Sunday July 24, 2011 @05:56PM (#36865330)
    Is this suposed to be controversial or something? Seems a reasonable sentence for the crime, neither inflated or too short.
    • by Oxford_Comma_Lover (1679530) on Sunday July 24, 2011 @06:03PM (#36865386)

      That's up to 675,000 people he's hurt, so he gets less than two years per hundred thousand people.

      On the one hand, that seems really freaking low. On the other, more time won't necessarily help anyone--it won't make him less likely to commit crimes in the future, and the deterrent effect probably isn't great.

      Also, there were people at Nuremberg who got ten years, so going much higher than that would be comparatively high by that standard.

      • by sjames (1099) on Sunday July 24, 2011 @06:20PM (#36865542) Homepage

        More properly, he hurt a few banks which insist on a system with virtually no security whatsoever. They then passed the hurt on to up to 675,000 people rather than fixing the problem.

        That certainly doesn't make him less guilty, it just makes him the only one who's going to pay for it.

        • by hedwards (940851) on Sunday July 24, 2011 @06:50PM (#36865756)

          He didn't hurt the banks. The banks will pass the loss on to the clients in the form of higher rates. Which is unfortunate because as long as banks can just buy their way out for cheap they aren't likely to invest in the kinds of security necessary to make things more challenging for crooks.

        • by icebike (68054)

          Where did you get the banks involved in this?

          He obtained either by hacking into business computer networks and downloading credit card databases. (If you won't read the article at least read the summary).

          The banks, while vulnerable enough, are the least of the problem. The corner grocery, the power company, newspaper, ebay, and any other place from which you routinely purchase are the ones with lax security.

          And while its fun to rail at banks, remember that the US DOD was hacked by a bunch of kids. The pr

          • by sjames (1099)

            We have known for 3 decades how to create a card (either cash or credit) where simply knowing the number and name on it is absolutely useless, but the banks refuse to implement them. As long as they insist of a screwed up system where the number is both ID and authentication, this will remain a problem. For example, a smart card can cryptographically sign a plaintext transaction handed to it by a POS terminal. At that point, it hardly matters if it is broadcast to the world.

            The merchants are stuck working w

            • by icebike (68054)

              The majority of credit cards stolen are not from terminal swipes, but rather on-line purchases, especially repetitive on-line purchases
              such as routine bill payment where the merchant needs to retain the card info for subsequent billings. (Gas, electricity, news paper, web purchases, etc).

              Cartographic signing at a pos terminal is not an option. Further POS sales generally go directly to the payments processor and never even need stop at the mom-and-pop grocer.

              The number is not both ID and authentication. (

              • by sjames (1099)

                The majority of credit cards stolen are not from terminal swipes, but rather on-line purchases, especially repetitive on-line purchases such as routine bill payment where the merchant needs to retain the card info for subsequent billings. (Gas, electricity, news paper, web purchases, etc).

                So what you're saying is people need to be able to sign text based transaction records through their browser and need to be able to sign standing transaction orders (that specify a max amount, to what account, and how often). All ancient news, all easily done.

                Cartographic signing at a pos terminal is not an option. Further POS sales generally go directly to the payments processor and never even need stop at the mom-and-pop grocer.

                So the problem is lax security at the mom'n'pop (your claim) but the card data need never stop there so it's not a problem (also your claim)? HUH? I'm sorry but you'll either have to pick one or show me how Schrodinger got involved.

                Short of a merchant specific CC numbers, (which are available from some credit card companies) there is no way to allow repetitive payments without retention of card data by the merchant.

                Or, as I said, signe

              • But this theft did not involve the card itself. It involved data files from corporate computers.
                Short of a merchant specific CC numbers, (which are available from some credit card companies) there is no way to allow repetitive payments without retention of card data by the merchant.

                Not just repetitive payments, but refund processing as well. There is some hope - some payment processors are handling the online payments directly and giving the merchants API's to do some secure payments. Look up 'tokenizati

        • More properly, he hurt a few banks which insist on a system with virtually no security whatsoever. They then passed the hurt on to up to 675,000 people rather than fixing the problem.

          That certainly doesn't make him less guilty, it just makes him the only one who's going to pay for it.

          I don't think enough people fully appreciate both sides of the security/convenience scale on this one.
          They need to keep credit cards about as easy to use as cash.

          The banks are not ignorant of the risks. If you don't like it use cash and throw away your debit cards for credit cards & ATM cards. Or walk into your bank, make cash withdrawals and go that route. Hell, just keep cash under your mattress if you really hate the economy.

          • by sjames (1099)

            That doesn't exactly put me in the clear. I am still subject to "identity theft". That is, a bank allows itself to be defrauded of a fair bit of credit and comes after me for it without a single shred of proof that I agreed to anything. Because of their contract terms with retailers, I still get to subsidize the percentage they take for credit transactions even when I pay cash (they forbid the merchant from passing the credit transaction cost to the patron, so they have to hike the price for everyone to cov

      • That's up to 675,000 people he's hurt...

        He stole from credit card companies, not individuals. You're not liable for credit card fraud.

      • by milkmage (795746)

        no people were harmed in this crime.. banks are on the hook for fraudulent charges (for electronic transactions).

        http://www.federalreserve.gov/bankinforeg/regecg.htm [federalreserve.gov]

        Section 205.6 Liability of consumer for unauthorized transfers
        Limits a consumer's liability for unauthorized electronic fund transfers, such as those arising from loss or theft of an access device, to $50; if the consumer fails to notify the depository institution in a timely fashion, the amount may be $500 or unlimited.

        my bank called me for a

        • Banks are on the hook.... So the bank losing money doesn't affect anyone? Which banks do you use that give away free money because they have an unlimited supply and altruistic owners?
      • Now that they have a conviction, they could have each BANK file separate charges. Cards are owned by banks, each separate bank and jurisdiction should be able to charge him separately.. As THEY are the wronged parties with hundreds of cards each. That would add just ONE year per bank... Or potentially 100's of CONSECUTIVE 1-2 year terms on top of the ten.

        Frankly, it's time for the law to "step aside" in these cases intil people learn not to do this. O think it's time to bring back public corporal punishment

      • by coaxial (28297)

        That's up to 675,000 people he's hurt,

        No. That's up to all of us.

      • by hairyfeet (841228)

        Ya know I think the sentence would be fair if he did the right kind of time instead of just sitting in a cell for his time. Here in AR we have what is called "The Hoe Squad" where they drag your ass out of bed at dawn and you work your damned ass off until sundown in the fields earning your keep.

        I've seen video footage on one of those "world's wildest" where a guy drove a car that was on fire with a wheel gone flying low, nearly flipping who knows how many times, just so he could cross the TN border to kee

        • 675,000 people taking 10 minutes to call their card company works out to over 100,000 hours of lost productivity. So, not as much as a mini-game on Google, but I'd still say that adversely impacted the economy.
    • by Sir_Sri (199544)

      ya, I mean one can quibble over the exactly extent of the sentence or whatever, but that belongs on a law site. Steal credit card info, get caught, get convicted, get punished. Sounds about right.

      It's not exactly clear if they mean he gained 36 million from this, or if that's just the value of the fraud on the cards. I remember here in canada we had a similar story years ago, and there are various levels of intermediaries. The hacker gets paid to get the card info, they sell it to a clearing house who r

    • Re: (Score:2, Troll)

      by Alien Being (18488)

      No fucking way. I'd say he deserves at least two years per $1M. Just kill him now.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        No fucking way. I'd say he deserves at least two years per $1M. Just kill him now.

        You're likely a troll, but I'll bite anyway:

        Really? This guy is playing the same game called Capitalism that everyone else is playing. Megacorporations, oil companies, banks, etc., get away with theft (and much worse) on scales that are orders of magnitude greater, affecting much more people and in more extreme ways.

        They'll never spend a day in any kind of prison. With that in perspective, the sentence this guy is getting is unjustly harsh.

      • Put him in a cell with someone whose old parents couldn't pay their heating bills because his abuse stripped their credit cards. And hope that someone likes boys with pretty mouths.

        • Please excude my crudity: But my (quite old) father had an identity theft problem last year, that made it hard for him to get his heart medications, and I'm still very angry about it. The confusion and delays could have been fatal.

        • by dugeen (1224138)
          Someone who openly fantasises about people being raped in prison is an unsuitable person to pass judgement on a credit card fraudster. You and he are both on the same level of degeneracy.
    • To put it in context, that's 7 minutes, 47.52 seconds in prison per card number, or about 8.8 seconds per dollar in losses.

      At that rate it's positively profitable to steal card numbers!

    • by Gerzel (240421)

      Indeed. With the US and other capitalist nations the amount of time served for stealing funds is inversely related to the amount of funds stolen. If you steal enough you are lauded for your performance.

    • by izomiac (815208)
      ($36,000,000 - $100,000) / 10 years = $3.59 Million per year
      $3,590,000 / (365.25 * 24) = $409 per hour

      So, how many people would like a job that paid $409/hour and got paid up-front? Now, surely any ill-gained assets were seized, but still, the probability of being caught is low enough for this to make perfect economic sense.
  • by icebike (68054) on Sunday July 24, 2011 @05:56PM (#36865332)

    Ten years means he will probably enjoy the fruits of his labor at 35, when he retires with some of that 36 million (or the other multi-millions the feds never found) that he squirreled away off shore.

    • Eats funds fast and the club feds are not what they just to be.

    • Leading to losses totalling 36 million does not mean that he personally stole 36 million. He may have just had a commission--at that quantity, he sounds like a wholesaler.

    • by hansraj (458504) on Sunday July 24, 2011 @06:05PM (#36865406)

      Losses incurred probably include things like time lost in canceling a card and issuing new one. The wordings of TFA don't make it clear whether he used all those cards or he just sold it to other criminals, so I have no idea how much this guy directly made.

    • by erroneus (253617)

      That's a ridiculous assumption. This guy was stupid enough to get caught. I seriously doubt he was smart enough to be able to hide the money. $36 million was mentioned but that's against CC accounts that have been bought and sold by him and doesn't prove or even indicate that he actually even used any of those cards himself. And the article identifies him as a career identity thief. "ID Theft" (Identity Fraud) doesn't usually involve the use of existing credit accounts, but rather it usually involves o

    • by Kittenman (971447)

      Ten years means he will probably enjoy the fruits of his labor at 35, when he retires with some of that 36 million (or the other multi-millions the feds never found) that he squirreled away off shore.

      Don't drop the soap in the shower in the meantime.

  • Rogelio Hackett (Score:5, Interesting)

    by russ1337 (938915) on Sunday July 24, 2011 @06:10PM (#36865460)

    The Mr Hackett was destined to become a hacker...

    ....researchers have found that people named Dennis are more likely to become dentists. An article, “Why Susie Sells Seashells by the Seashore,” finds that in the U.S. population the names Jerry, Dennis, and Walter rank 39th, 40th, and 41st among male first names. But in the national directory of the American Dental Association there are close to twice as many Dennises (482) as Walters (252) and Jerrys (270). “Similarly, people whose names begin with ‘Geo’ (e.g., George, Geoffrey) are disproportionately likely to do research in the geosciences (e.g., geology).”

    http://www.freakonomics.com/2009/04/24/yes-part-ii/ [freakonomics.com]

    • Our species is so shallow sometimes. I wonder if people named "Jesus" (Hey-Zeus) are more likely to become preachers, or if "Johns" are more likely to get hookers.
    • by Stellian (673475)

      What if the name Dennis was fashionable among the upper-middle class during the years the current generation of dentist was born, leading to a significantly higher propensity for a high-investment, high-income career for the children ?
      The guys of Freakonomics explained how children names become fashionable among the upper classes, and are then emulated by the lower classes; the upper classes then move to new names as the old names become mundane. Slutty names like Bambi and Brandy were at one point all the

  • by nimbius (983462) on Sunday July 24, 2011 @06:14PM (#36865480) Homepage
    do you accept visa or mastercard? ;)
  • by nzac (1822298) on Sunday July 24, 2011 @06:16PM (#36865512)

    Could he not have stoped at say 15M and taken an indefinite vacation to a non extradition country.

    • by arcite (661011)
      No he couldn't, because he was stupid and greedy.
    • by glwtta (532858)
      He couldn't, because he never made anywhere near that: the card numbers he stole "led to" losses of $36 mil, meaning he sold them to others who actually exploited the stolen identities (hence, 'trafficking').

      I doubt he made more than a few million, and really, who could live on that?
      • by jimicus (737525)

        This.

        There seems to be a perception - and it's not limited to /., I've seen it all over the place - that as soon as you're running a business that's turning over, say, £10 million per year, you're automatically going to be making an enormous income yourself and could theoretically sell the business and retire inside a couple of years.

        Truth is that in many businesses, a £10 million turnover realistically equates to about £500,000 net profit. Which sounds fantastic but it's only about 5% - a

  • by Fluffeh (1273756) on Sunday July 24, 2011 @07:05PM (#36865876)

    Given that 675,000 credit cards is a ten year prison sentence, I do wonder what the same sentence would have been if it was 675,000 tracks he downloaded - and if the two of these sentences are therefore proof that the law is tilted towards a specific type of industry?

  • by NynexNinja (379583) on Sunday July 24, 2011 @10:32PM (#36867098)
    The sentencing guidelines have been changed several times over the last 20-30 years regarding the penalties for this type of offence. In the 1980's or 1990's, had this guy been sentenced, he would likely be facing probation or at most a few months in jail, depending on his prior history. These days, they really throw the book at these people and the sentences are on par with murderers and other violent felonies. This man was born about 10 years too late, and was about 10 years older than he should have been when he committed these crimes. Also, I highly doubt the inflated numbers involved in the theft of the credit card data. The credit card companies have been known to dramatically inflate these losses, and then if you ask them for any sort of documentation proving any of it, the real numbers are somewhere around 1% of the original amount they specified. They probably claim this as a deduction on their taxes.
  • If he had 675k of MP3s on Bittorrent, I'm sure he'd have life in prison for costing the music industry 90 trillion in damages.

  • Big fucking Deal. Fucking whiners and such. I had 3K of fraudulent chargers against me last year. And while I could have been shafted when a minimum charge, come company took the hit instead and I paid nothing. That said, I still hope that was the same fucker.

    And at that much money, hopefully it won't be club fed. I also hope that some state gets its hands on him, and he ends up serving some time in a fuck you in the ass state pen with thugs and violent offenders.

    • I also hope that some state gets its hands on him, and he ends up serving some time in a fuck you in the ass state pen with thugs and violent offenders.

      Really, you're happy with thugs and violent offenders being given free sex slaves paid for by your tax dollars?

      If this country had a single ounce of sense we would just shoot the guy.

  • He almost certainly broke the laws of every state in the nation. Each state therefore can build a case against him while he is in prison. And since he made the statements, they would be easy cases to prosecute. I doubt he is going to Tahiti after his term.

  • Why is the U.S. Secret Service doing busting into a house in Georgia?
    Do they suspect the Georgian secret service of colluding with the perpetrator? Or Russian Mafia moles in the Georgian police?

"We learn from history that we learn nothing from history." -- George Bernard Shaw

Working...