Details of the largest US hacking and identity theft ever are now emerging, as the Department of Justice has made public the charges returned for the eleven members of the international group behind a massive retail credit / debit card hacking scheme. The hackers, three of which are American, one Estonian, three from Ukraine, two from China and one from Belarus, are believed to be responsible for the theft and sale of over 40 million credit and debit card numbers from such retailers as Barnes & Noble, OfficeMax, Forever 21, Boston Market and Sports Authority.

The hackers gathered massive amounts of confidential data by accessing the wireless networks of these retailers and installing so-called “sniffer” programs, which collected card numbers, account information and passwords, which the gang members then stored in encrypted US and Easter Europe servers. The next step was either to sell the information to various other criminal organisations or to cash out on the stolen data directly by transferring the card information onto blank cards and thus gaining direct access to millions of dollars. The proceeds were then laundered through the use of anonymous Internet-based currencies and by manipulating funds via Eastern Europe banks.

Due to the vastness and complexity of the fraud operation, which took place in US, Ukraine, China, Turkey, Estonia and Thailand, the exact amount of the damages caused by the credit / debit card hacking scheme is not yet known. However, US prosecutors warn that the profits of one gang member alone (who was by no means the leader of the operation) exceed USD 11 million. Further data on the scale and logistics of the scheme will become available as the trial progresses.