Feds Charge Hacker in POS Attacks

Seattle Attacks Resulted in Underground Sale of Credit Cards
Feds Charge Hacker in POS Attacks

Federal authorities in Seattle have filed multiple charges against a Dutch hacker living in Romania for allegedly marketing and selling credit card details about thousands of accounts on underground online forums.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

David Benjamin Schrooten, also known as "Fortezza," was charged with conspiracy, access-device fraud, bank fraud, intentional damage to a computer and aggravated identity theft, according to a statement from the U.S. Attorney for the Western District Of Washington.

In the Western District of Washington alone, Schrooten is suspected of selling details about more than 180,000 accounts that have been connected to recent cyberfraud cases, the statement notes.

The 14-count indictment claims Schrooten played a prominent role in the international computer hacking community. A Seattle-based accomplice, Christopher A. Schroebel, hacked point-of-sale systems at two Seattle area businesses to obtain card numbers that Schrooten later sold online, prosecutors say.

"This defendant has wrought havoc on victims and financial institutions around the world," says U.S. Attorney Jenny A. Durkan, who chairs the Attorney General's Advisory Committee on Cybercrime and Intellectual Property Enforcement. "This indictment alleges that in just one transaction he trafficked in as many as 44,000 stolen credit card numbers resulting in millions of dollars in losses to financial institutions. Cybercriminals need to know: We will find you and prosecute you."

In March, Schrooten was arrested in Romania. He arrived in Seattle on June 9 and appeared in District Court on June 11 and pleaded not guilty to all charges. His trial date has been set for Aug. 20.

If convicted on the bank fraud charges, he could face up to 30 years in prison and a $1 million fine. The charges brought against him for access-device fraud and damaging a protected computer could carry a sentence of up to 10 years in prison and a $250,000 fine. For conspiracy, he could get five years in prison and a $250,000 fine. Aggravated ID theft carries a mandatory consecutive two-year prison term.

Schroebel was arrested in November 2011 and pleaded guilty last month. His sentencing date has been set for Aug. 10.

The Scheme

According to the indictments, Schroebel hacked into the POS systems of a restaurant in the Magnolia, a neighborhood of Seattle, and a restaurant supply store in Shoreline, Wash. After he gained access to the networks, he launched malware and copied the personal information and details linked to credit card transactions at the terminals.

The malware transmitted the card information to a Kansas server controlled by Schroebel.

Investigators say Schroebel stole at least 4,800 credit card numbers, as well as security information. He then allegedly worked with Schrooten to build "carding websites," to sell the card details to criminals on underground forums.

Schrooten's international link to card fraud is well documented, authorities say. "Solving this case would not have been possible without the assistance and cooperation of our partners in the Secret Service and the Romanian National Police," says Assistant Seattle Police Chief Jim Pugel.

International law enforcement agencies have been collaborating more frequently to take down global credit card schemes. In May, investigators in the U.S., the U.K., Germany, the Netherlands, Ukraine and Romania announced they had shuttered 36 underground websites where international hackers were selling stolen debit and credit data. In all, card details about more than 2.5 million accounts were found on the sites (see Websites Selling Stolen Cards Foiled).

No connection was made between Fortezza's and the takedown of those sites, according to the Seattle U.S. Attorney's Office.

Schrooten's Underground Role

Security blogger Brian Krebs wrote this week that he had been following Fortezza's activity in underground forums and sites that sell stolen card details since 2011.

"At the time, he was administrator (or at least one of the administrators) of Kurupt," an underground card-selling site Fortezza allegedly created two years ago, Krebs writes.

Krebs and many of the hackers who post in the forum had speculated for months about Fortezza's whereabouts, since he had not active. Krebs says his last communication with Fortezza was in March. Shortly thereafter, Kurupt.su disappeared from the Web.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.