your mail

Rabid Wombat wombat at mcfeely.bsfs.org
Mon Sep 1 09:48:02 PDT 1997 




On Mon, 1 Sep 1997, bureau42 Anonymous Remailer wrote:

> Rabid Wombat wrote:
> > 
> > On Mon, 1 Sep 1997, Anonymous wrote:
> > 
> > > "Smak" delivered an encrypted CD containing over 100,000 stolen
> > > credit card numbers. After the validity of the credit card information
> > > was confirmed through decryption of the data on the CD, "Smak" was
> > > taken into custody by the FBI.
> > >
> > >   And the 100,000 people were immediately notified that their credit
> > > cards had been compromised? I fucking doubt it. Better to screw over
> > > 100,000 citizen-units than expose the incompetence of a few companies
> > > and the government's fight against strong encryption and computer
> > > security.
> > 
> > I was recently notified by a bank that issued one of my credit cards that
> > my card number had been sold, along with thousands of other account
> > numbers, to an undercover FBI agent. The bank canceled my account, opened
> > a new one, and overnighted a replacement card. No big deal, and no loss
> > to me.
> > 
> > OTOH, it *might* have been in response to a different incident. Keep
> > those paranoid rants coming.
> 
>   Why don't you tell us the name of the company that has such lousy
> computer security that your credit was placed in jepoardy, so that we
> can decide if we want to avoid doing business with them?
> 

Based on what I've seen so far, the account numbers were more likely to 
have been obtained from the databases of merchants than from banks. If 
the bank was cracked, there would have been many more card numbers from 
one bank on the CD, rather than a distribution of account numbers issued 
by many institutions. I doubt that someone managed to crack a dozens of 
banks, and then took only a few thousand numbers from each. It is more 
likely that "widgets R us" was compromised, resulting in a few thousand 
accounts from each of the major banks.

I suppose I could look back over a few year's worth of statements, and 
tell you where *not* to shop, but I'd be listing all merchants I'd done 
business with as being equally guilty, when it is very likely that only 
one was compromised.

My guess is that Smak had inside access to a particular merchant's 
system, but I've been wrong before.

-r.w.

More information about the cypherpunks-legacy mailing list