Forgot your password?
typodupeerror
Security

U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin 44

Posted by Unknown Lamer
from the can-i-see-your-id dept.
tsu doh nimh writes "The Justice Department on Monday announced the arrest of a Dutch man wanted for coordinating the theft of roughly 44,000 credit card numbers. The government hasn't released many details about the accused, except for his name and hacker handle, 'Fortezza.' But data from a variety of sources indicates that Fortezza was a lead administrator of Kurupt.su, a large, recently-shuttered forum dedicated to carding and Internet fraud. Krebsonsecurity.com provides some background on Fortezza, who 'claimed to be "quitting the scene," but spoke often about finishing a project with which he seemed obsessed: to hack and plunder all of the other carding forums.'"
This discussion has been archived. No new comments can be posted.

U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin

Comments Filter:
  • U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin

    I thought he had something to do with sorting cotton fibres before spinning [wikipedia.org].

    • by Canazza (1428553)

      I misread it as Cardigan Kingpin, like he was selling bootleg Edinburgh Woollen Mill gear.

  • Spokeo (Score:1, Informative)

    by Anonymous Coward

    Just looked him up on Spokeo. Already updated to show him in jail. wow!

  • Good riddance (Score:5, Informative)

    by Anonymous Coward on Wednesday June 13, 2012 @11:10AM (#40309225)

    RTFA, Krebs almost seems sympathetic for the guy.
    I don't care much for the whole extradition-to-the-US thing, but this is not your average whitehat/greyhat hacker, highlighting security issues by breaking systems, or for the lulz.
    This is card skimming pond scum, doing it for profit. Good riddance, I say.

    • by 1s44c (552956)

      RTFA, Krebs almost seems sympathetic for the guy.
      I don't care much for the whole extradition-to-the-US thing, but this is not your average whitehat/greyhat hacker, highlighting security issues by breaking systems, or for the lulz.
      This is card skimming pond scum, doing it for profit. Good riddance, I say.

      Exactly. I don't get the sympathy for this thief, he stole from thousands and deserves to be locked up for a while.

  • by 1s44c (552956) on Wednesday June 13, 2012 @11:15AM (#40309265)

    Anyone checking my post history will see I'm pretty critical of the US, but good work on this one Team America!

    Lets see how Dutchie-Boy likes the US prison system.

    • by alen (225700)

      21 and facing decades in a US jail where the other criminals are mean?

      why can't he just say i'm sorry, i learned my lesson and be done with it?

      • by csumpi (2258986)

        21 and facing decades in a US jail where the other criminals are mean?

        why can't he just say i'm sorry, i learned my lesson and be done with it?

        oh yeah, and why not give him a trophy for participating at the same time?

      • by Loughla (2531696)

        21 and facing decades in a US jail where the other criminals are mean?

        I feel like there's a saying for this sort of thing. Something about crime and punishment.

      • by Gr8Apes (679165)

        Lets see - 44,000 thefts, times probably 4-6 hours each to resolve for each victim.... let's be nice and call it 4 hours per theft - about 20 years. Yes, decades before being able to be paroled seems about right, although I'd go with treble damages due to the scale of the criminal activity, so 60 years before being eligible for parole seems quite reasonable and even kind.

        "Don't do the crime if you can't do the time"

        Scale and scope of the crime should not work in your favor by minimizing punishment.

  • coordinating the theft of roughly 44,000 credit card numbers

    What would that go for these days, about $440?

    • by 1s44c (552956)

      coordinating the theft of roughly 44,000 credit card numbers

      What would that go for these days, about $440?

      Who cares if the data went for a cent. It affected the lives of 44,000 people.

      Only banks and governments are allowed to perform wide scale theft, this guy was nether so it's jail time for him.

  • I'll bet Hallmark is just as thrilled.

  • by cdrguru (88047) on Wednesday June 13, 2012 @12:00PM (#40310001) Homepage

    One huge problem is the FBI decided that credit card fraud - any type - is "Identity Theft" and that is how their reporting structure works. This hugely inflates the amount of "Identity Theft" that is reported giving a big leg up to the probably bigger scam artists at Lifelock. No matter how much credit card fraud costs merchants, the number is dwarfed by the amount of money going to Lifelock and other "identity protection" thieves.

    Now, who really is affected by credit card fraud? Certainly not the banks - fraudulent charges are simply charged back to the merchant. Does it hurt the card holder? Well, not really. If you get a charge on your bill that you didn't make you do not have to pay it. Most of the time the credit card company is already aware of the fraudulent use and has taken such charges off the bill. Now, the card company almost certainly will want to change the card number and set you a new card and that can be somewhat inconvenient, but that is about it. Well, what about the merchant? If you are in the business of taking credit cards for almost any retail business you have insurance that covers this sort of thing. The merchant is paying for this insurance, so they might as well use it. I guess we are all paying a little bit for this because the merchants might save a few pennies on their general business insurance if they didn't need this coverage. So figure that when you go to a store you are paying $0.000001 more to cover the credit card fraud insurance.

    So who loses? The insurance company? Not really. The merchant that is silly enough not to have insurance? Probably. Certainly nobody else is losing anything in this which is why it is not prosecuted in the US - nobody actually using a fraudulent card ever gets even arrested. They do take the card away if you are using a fake card, which obviously doesn't apply when credit card fraud is done through the Internet.

    So really this is almost a vicimless crime that affects nobody. So your credit card number is used fraudulently... big deal... get a new card and move on.

    Did you know that a fresh credit card number is worth about $0.50 on the open market today? This means that every time you use a card with a human involved it is a good chance they are collecting card numbers. A guy working in a restaurant can make an extra $50 a week easily just collecting numbers and such from cards handed over by customers. There is little risk with this as at worst he might get fired if caught. The police will not even arrest someone for this sort of activity.

    Yes, I get a credit card used fraudulently at least once a year. I get a call about some silly charge that someone tried to make and they take it off the bill. End of story. The guy this posting is about is evidently higher up the food chain enough that someone thinks he is worth prosecuting, but I doubt it goes anywhere. There just isn't anyone losing out enough to justify spending anyone's time and money prosecuting folks like this. So it will continue and get more and more prevalent.

    • by guises (2423402) on Wednesday June 13, 2012 @12:29PM (#40310503)
      It's certainly not victimless: any merchant who doesn't have insurance is getting screwed by the fraudster, any merchant who does have insurance (because of all the credit card fraud) is getting screwed by the insurance company.

      Your numbers are also off - good credit card numbers can go for $30 - $45 depending on the type of card and where it's from:

      http://www.npr.org/blogs/money/2011/06/16/137181702/the-tuesday-podcast-inside-the-credit-card-black-market [npr.org]

      and the idea that a guy working in a restaurant would do this... Well, if he was very stupid then maybe. But he'd get caught in no time once this restaurant was identified as a common point of use between all these stolen cards.
      • by thoromyr (673646)

        Unfortunately you are wrong on at least one point: the guy in the restaurant is unlikely to ever be fingered for skimming. If the restaurant were identified (which it won't be) it won't be likely he works there anymore (check out the employee turn over in food services some time). But lets get to the notion that someone is working to find correlation to determine the point of loss: lots of luck, there are simply too many ways for a card to be compromised. For example:

        1. restaurants
        2. card readers
        3. malware

    • by moeinvt (851793)

      "Did you know that a fresh credit card number is worth about $0.50 on the open market today?"

      I didn't know that, and I doubt it. That might be the cut that the carder gives to the bus-boy, but it's my impression that the mag stripe data is worth a lot more than that on the open market.

  • Can you now be charged for simply setting up and administering a carding forum? I RTFA but only skimmed the indictment. Not saying that this is all the guy was doing. Just curious. I think they've taken down most of these guys because they are not only administering the site, they're also active participants in the commerce.

    "he actively hacked into and absconded with stolen card data taken from other fraud forums."

    IANAL, but how can they prosecute you for stealing stolen stuff? Wouldn't this be like be

    • by ArcadeNut (85398)

      IANAL, but how can they prosecute you for stealing stolen stuff?

      Really? IANAL either, but theft is theft. It doesn't matter how many layers you put between yourself and the owner...

      Heck you can go to jail for BUYING stolen goods if you should have known they were stolen.

  • by Zontar_Thing_From_Ve (949321) on Wednesday June 13, 2012 @03:27PM (#40313087)
    Anybody wonder what the .su domain refers to? It's the Soviet Union. They haven't existed since 1991. Yet somehow people are still allowed to register under the domain.

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.

Working...