TJX Update: Second Data Thief Pleads GuiltyWar-Driving Expert Faces 22 Years, $1 Million Fine The second conspirator/hacker in the biggest hacking case ever has been convicted of conspiring to electronically break into computer networks, steal credit and debit card information and sell it. He faces up to 22 years in prison and a $1 million fine.
Christopher Scott pled guilty to conspiracy, access device fraud, identity theft and unauthorized access to computer systems at TJX Companies, BJ Wholesale Clubs and other major U.S. retail firms. Scott appeared before a US District Judge in Boston, MA. to make his plea. As part of that agreement he will be forced to give back the $400,000 he made.
Scott, 25, of Miami, FL, followed the first hacker's move by pleading guilty. On September 11, Damon Patrick Toey pled guilty to four felony counts of aggravated identity theft, wire and credit card fraud. They are among 11 persons who were arrested in August (link to BIS Story: #930) in what has become the largest case of computer hacks in history, with more than 45 million credit card accounts being compromised.
Approximately 100 financial institutions are believed to be affected by this theft, vulnerable to fraud losses caused by cloned cards made by the hackers and used to buy goods and withdraw cash from ATMs. The other affected retailers include DSW, Office Max, Barnes and Noble, Boston Market, Sports Authority and Forever 21. However, this list of eight is not where the trail of victims ends, according to a court filing on September 10. Assistant U.S. Attorney Stephen Heymann states that forensic evidence and testimony from the hackers reveal that Toey, Scott and the other hacker conspirators may have broken into numerous other businesses that have not yet been publicly identified.
In the statement from the U.S. Attorney's office, Scott is cited as an expert in wireless hacking. He, along with Alberto Gonzalez, the gang's identified ring leader, "would 'wardrive,' scanning the airwaves in shopping strips in Miami from their cars looking for potentially vulnerable wireless access points." (See full statement: TJX Data Theft Conspirator Pleads Guilty
When a vulnerable network was found, the hackers broke into it and accessed the retailer's credit and debit card information, whether it was stored in data bases or moving across the network "in an unencrypted state."
The hackers then sold the stolen credit card information to other crime gangs overseas and also made counterfeit cards in order to draw out money of the credit card accounts.
The other nine defendants in this ongoing prosecution have been charged. Only one has eluded law enforcement's identification -- a person known only by the online nickname "Delpiero."