2 British Hackers, 18, Seized in Costly Break-Ins
- Share via
WASHINGTON — Two 18-year-old boys were arrested in Britain on charges of breaking into e-commerce Internet sites in five countries, stealing information on more than 26,000 credit card accounts and posting some of it on the Web, the FBI said Friday.
Many of the credit cards belonged to U.S. citizens, Michael Vatis, head of the FBI’s National Infrastructure Protection Center, said.
The pair was arrested in connection with intrusions into nine e-commerce Web sites in the U.S., Canada, Thailand, Japan and the United Kingdom over the last several months, he added.
The two, whose names were withheld under British law, were arrested Thursday at their home in Clynderwen in southwest Wales by the Dyfed-Powys Police Service, FBI spokeswoman Debbie Weierman said. They were released on bail after interrogation, police said.
The intrusions, conducted under the screen name “Curador,” could result in losses of more than $3 million, the FBI estimated.
That amount would cover the credit card industry’s average cost of closing more than 26,000 accounts and issuing new cards, Vatis said. He said there would be other costs, including repair of the Internet sites and any losses suffered by credit card holders whose numbers were improperly used.
“Curador” most recently claimed credit for obtaining 23,000 credit card numbers and publishing 6,500 of them on Web sites.
Vatis said some of the postings contained a credit card number along with its accompanying expiration date, name, address and telephone number. Some of the information was posted on the Angelfire Web site, Vatis said.
Computer experts believe a 2-year-old security hole in Microsoft Corp.’s Internet Information Server software let a hacker download thousands of credit card numbers from e-commerce sites and post them on the Internet. A patch has been available for 18 months, but small companies have not had the resources to employ it.
