Was the Target credit card robbery the largest amount of stolen $$ in civil cybercrime ever?

[Leo_Bloom]

1. See subject. See brilliant journalism in BusinessWeek: Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It The “civil” hedge in this OP hed links it to old-fashioned bank heist, etc., as opposed to the huge financial damage caused by military cyber attacks.

2. Heck, let’s include non-heists, the $$ damage of corporate vandalism.

Expanding the OP:

3. Why didn’t Interpol–can they?-- or the Russians–they’re crooked and bought off?–simply fuck up Rescator and the Odessa site beforehand, or the ones now operating?

4. How can Odessa’s market exist so openly? Which brings me to something I never understand about capturing the slippery little buggers, both the code and the creators. I know a little about the history of ThePirateBay, but even then, when the shit hit the fan, they were uprooted.

Now, this is question: at least at some basic level at some time or another this is a matter of physical servers also, right? That’s how I’m getting the reason for Cyberbunker, in addition to the Dr. Evil vibe.

Some bad guy has to boot up something somewhere, right? Even if, say, he’s storing all his booty on my account somehow, he’s got to get at it? Or since everything exists as data, including bank accounts, if the code is good enough it pumps out bank money so well it gets thoroughly laundered?

Of course, by that reasoning, the best codes are still at it, skimming away just enough not to get noticed.
I’m all confused.

[Leo_Bloom]

Add to OP: Any comments on the BusinessWeek article, on what it missed or willingly or not skipped over to its detriment, would be most welcome.

Leo

[Dewey_Finn]

It seems to me that no actual money was stolen in the Target credit card case; just millions of credit and debit card numbers and other personal information. Now this could lead to fraudulent use of those card numbers, but given that, how can you determine if it’s the “largest amount of stolen $$ in civil cybercrime ever”?

[bordelond]

Dewey_Finn:

It seems to me that no actual money was stolen in the Target credit card case; just millions of credit and debit card numbers and other personal information.

Correct – they got data for sure. Did they, confirmably, get actual dollars with that data?

I don’t have any idea, but I do wonder. For any cardholder that used their CC or debit card at Target during the relevant period, my bank automatically replaced their “stolen” card with a new card. Did any banks or CC companies NOT do that?

[Folly]

bordelond:

Correct – they got data for sure. Did they, confirmably, get actual dollars with that data?

I don’t have any idea, but I do wonder. For any cardholder that used their CC or debit card at Target during the relevant period, my bank automatically replaced their “stolen” card with a new card. Did any banks or CC companies NOT do that?

American express didn’t replace our card until we reported some fraudulent activity and then they replaced it immediately. I’m sure we could have reported it stolen and requested another card earlier.

Whoever took the data seems to be actually trying to use the numbers. Ours was used a few months later for hotel.com. The first thing, American Express asked, “Are you sure you didn’t book a trip and forget about it?” :rolleyes:

I wonder how much money the thieves made with all the publicity and replacement of cards though.

[Buck_Godot]

The bit coin theft in February was valued over $300 million. Given that many of the cards will be canceled and it takes some effort to turn a stolen credit card number into cash, I doubt that they Target perpetrators will be able to reap that large a sum.

[Duckster]

The Experian data theft of personal and financial records is excess of 200 million records. Strangely, the story hasn’t hit the news like the Target data breach but the story originated from the same source.

[Amateur_Barbarian]

We got hit by the Target breach and another one, on separate cards (not Neiman-Marcus, whatever the third big one was). One card was used for a $1400 purchase on StubHub but we had no net impact except replacement cards. (A pain, as one was used for all online subscriptions and it took an hour to update them all…)

But yeah, I don’t think there’s any way to assign a theft amount to the breach. Maybe somewhere down the road attempted/successful theft totals will be released.

[Dewey_Finn]

Buck_Godot:

The bit coin theft in February was valued over $300 million. Given that many of the cards will be canceled and it takes some effort to turn a stolen credit card number into cash, I doubt that they Target perpetrators will be able to reap that large a sum.

The value I heard for the Mt Gox theft is that the bitcoins were worth about $460 million at the time. The OP mentions that 40 million credit card numbers were stolen from Target and I’ve read elsewhere that stolen credit card numbers sell for about four bucks each, so that would indicate that the Target credit card robbery was not, in fact, the “largest amount of stolen $$ in civil cybercrime ever”.