{"page":"\u003clink rel=\"stylesheet\" href=\"https://lessonplanet.com/assets/packs/css/resources-c03aa079.css\" /\u003e\n\u003clink rel=\"stylesheet\" href=\"https://lessonplanet.com/assets/packs/css/lp_boclips_stylesheets-517835be.css\" media=\"all\" /\u003e\n\u003cdiv data-title='Indictment of card hacker unlikely to end thefts' data-url='/boclips/videos/5c54bba8d8eafeecae126b81' data-video-url='/boclips/videos/5c54bba8d8eafeecae126b81' id='bo_player_modal'\u003e\n\u003cdiv class='boclips-resource-page modal-dialog panel-container'\u003e\n\u003cdiv class='react-notifications-root'\u003e\u003c/div\u003e\n\u003cdiv class='rp-header'\u003e\n\u003cdiv class='rp-type'\u003e\n\u003ci aria-hidden='true' class='fai fa-regular fa-circle-play'\u003e\u003c/i\u003e\nVideo\n\u003c/div\u003e\n\u003ch1 class='rp-title' id='video-title'\u003e\nIndictment of card hacker unlikely to end thefts\n\u003c/h1\u003e\n\u003cdiv class='rp-actions'\u003e\n\u003cdiv class='mr-1'\u003e\n\u003ca class=\"btn btn-success\" data-posthog-event=\"Signup: LP Signup Activity\" data-posthog-location=\"body_link_boclips\" data-remote=\"true\" href=\"/subscription/new\"\u003e\u003cspan\u003e\u003cspan\u003eGet Free Access\u003c/span\u003e\u003cspan class=\"\"\u003e for 10 Days\u003c/span\u003e\u003cspan\u003e!\u003c/span\u003e\u003c/span\u003e\u003c/a\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv class='rp-body'\u003e\n\u003cdiv class='rp-info'\u003e\n\u003cdiv aria-label='Hide resource details' class='rp-hide-info' role='button' tabindex='0'\u003e\u0026times;\u003c/div\u003e\n\u003ci aria-label='Expand resource details' class='rp-expand-info fai fa-solid fa-up-right-and-down-left-from-center' role='button' tabindex='0'\u003e\u003c/i\u003e\n\u003ci aria-label='Compress resource details' class='rp-compress-info fai fa-solid fa-down-left-and-up-right-to-center' role='button' tabindex='0'\u003e\u003c/i\u003e\n\u003cdiv class='rp-rating'\u003e\n\u003cspan class='resource-pool'\u003e\n\u003cspan class='pool-label'\u003ePublisher:\u003c/span\u003e\n\u003cspan class='pool-name'\u003e\n\u003cspan class='text'\u003e\u003ca data-publisher-id=\"30356011\" href=\"/search?publisher_ids%5B%5D=30356011\"\u003eCurated Video\u003c/a\u003e\u003c/span\u003e\n\u003c/span\u003e\n\u003c/span\u003e\n\u003c/div\u003e\n\u003cdiv class='rp-description'\u003e\n\u003cspan class='short-description'\u003eWashington, DC - 18 August, 20091. Various exteriors of 7-Eleven storesManhattan Beach, California - 18 August, 20092. Establishing shot of Kevin Mitnick, Computer Security Consultant - Ex Hacker2. SOUNDBITE: (English) Kevin Mitnick,...\u003c/span\u003e\n\u003cspan class='full-description hide'\u003eWashington, DC - 18 August, 2009\u003cbr/\u003e1. Various exteriors of 7-Eleven stores\u003cbr/\u003eManhattan Beach, California - 18 August, 2009\u003cbr/\u003e2. Establishing shot of Kevin Mitnick, Computer Security Consultant - Ex Hacker\u003cbr/\u003e2. SOUNDBITE: (English) Kevin Mitnick, Computer Security Consultant - Ex Hacker\u003cbr/\u003e\"Most of these companies have an internet presence, which means their networks are tied to the internet in such a way. And what hackers do is they look for vulnerabilities, for example they will go to a company's website and they'll look for vulnerabilities in the web application, as what happened in the Heartland Payment Systems case. They find these vulnerabilities, they get their foot in the door and then they go through other steps and, in this case, they planted malicious software that secretly monitored their communications and eventually it lead them to the computers that actually process credit card transactions. They installed some software to sniff or monitor the transactions and were able to make off with all these credit card numbers.\"\u003cbr/\u003eFILE: Los Angeles, California - 19 May 2008\u003cbr/\u003e4. Various of credit cards and magnetic credit card writers\u003cbr/\u003eFILE: Wisconsin - 26 September 2008\u003cbr/\u003e5. Various of consumers shopping and tills ++MUTE++\u003cbr/\u003eManhattan Beach, California - 18 August, 2009\u003cbr/\u003e6. SOUNDBITE: (English) Kevin Mitnick, Computer Security Consultant - Ex Hacker:\u003cbr/\u003e\"Probably where these card numbers would end up is they'd be sold on carder forums, they'd be sold to the Russian business network to be made into counterfeit cards and then they'll have mules go on shopping sprees and purchase merchandise. That merchandise will be fenced. The next step, which I'm surprised didn't happen in this case, is for them to try to get the PIN codes to credit cards and debit cards because then you can get instant cash but in this case probably what was available was the customer's name, their address, their zip code and their card number and expiration date. And so with those pieces of information there's limited damage they can do.\"\u003cbr/\u003eFILE: Wisconsin - September 26, 2008\u003cbr/\u003e6. Various of consumers using credit card machines ++MUTE++\u003cbr/\u003eManhattan Beach, California - 18 August, 2009\u003cbr/\u003e7. SOUNDBITE: (English) Kevin Mitnick, Computer Security Consultant - Ex Hacker\u003cbr/\u003e\"Today we're talking  about 130 (m) million credit cards stolen. It will happen again. Because while Heartland might secure their systems adequately now and in the future, there'll always be another processor out there that will be vulnerable.\"\u003cbr/\u003eFILE: Wisconsin - September 26, 2008\u003cbr/\u003e8. Consumer using credit card machine ++MUTE++\u003cbr/\u003eThis week's indictment of a hacker believed responsible for the biggest retail-store data breaches in US history won't necessarily make shoppers safer from having their credit card numbers plundered, experts say.\u003cbr/\u003eAccomplices to the crimes are believed to be on the loose in Russia or other countries where US authorities are less likely to get them. \u003cbr/\u003eAnd the underlying security holes mined by the hackers still exist in many payment networks, experts say.\u003cbr/\u003eComputer security consultant and former hacker Kevin Mitnick says it will happen again.\u003cbr/\u003e\"While Heartland might secure their systems adequately now and in the future, there'll always be another processor out there that will be vulnerable.\"\u003cbr/\u003eAlbert Gonzalez, a Miami hacker who once worked as a government mole tracking down identity thieves, is accused of playing a critical role in all the largest credit-card heists on record.\u003cbr/\u003eWith Monday's indictment of Gonzalez on conspiracy charges in US District Court in New Jersey, the Justice Department says he helped steal 130 (m) million card numbers from payment processor Heartland Payment Systems, 4.2 (m) million card numbers from East Coast grocery chain Hannaford Bros. and an undetermined number of cards from 7-Eleven.\u003cbr/\u003eHe was previously charged in other computer break-ins, most significantly at TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, in which as many as 100 (m) million accounts were lifted.\u003cbr/\u003eGonzalez is in jail and awaiting trial next month in New York for allegedly helping to hack the computer network of the Dave and Buster's restaurant chain. Attorneys for Gonzalez did not comment to The Associated Press.\u003cbr/\u003eThe fact that hundreds of (m) millions of card numbers could be stolen from retailers illustrates the flaws in a payment system that's built more for speed than security, as an Associated Press investigation found this year. \u003cbr/\u003eFor instance, credit and debit card numbers are not always encrypted as they move from retail stores to banks for approval.\u003cbr/\u003eConsumers don't directly pay the costs of most fraud. Banks and retailers eat those charges. But consumers bear it indirectly, in the form of higher prices.\u003cbr/\u003eAccording to prosecutors, Gonzalez and his associates exploited vulnerabilities that remain widespread. \u003cbr/\u003eAmong them: flaws in the way retailers' computers handle requests in the so-called Structured Query Language (SQL), which is used to manage data - such as credit card information - stored in databases. \u003cbr/\u003eHackers who detect these holes can trick databases into coughing up more information than they should.\u003cbr/\u003eMitnick said that hackers look for \"vulnerabilities.\"\u003cbr/\u003e\"For example they will go to a company's website and they'll look for vulnerabilities in the web application, as what happened in the Heartland Payment Systems case.\"\u003cbr/\u003e\"They planted malicious software that secretly monitored their communications and eventually it lead them to the computers that actually process credit card transactions. They installed some software to sniff or monitor the transactions and were able to make off with all these credit card numbers,\" explains Mitnick referring to the Heartland case.\u003cbr/\u003eAuthorities allege Gonzalez and the others infiltrated the Heartland, Hannaford and 7-Eleven computer networks using SQL-based attacks.\u003cbr/\u003eIn a statement on Tuesday, 7-Eleven Inc., which hadn't commented on its breach before, said the attack affected ATMs operated by a third party inside its stores and lasted for 12 days in 2007. \u003cbr/\u003eThat is likely referring to an attack in which criminals infiltrated Citibank's network of ATMs inside 7-Eleven stores and stole the mother lode in the ID theft world: customers' PIN codes. Neither 7-Eleven nor Citibank would elaborate on Tuesday.\u003cbr/\u003eSecurity experts also noted that Gonzalez's latest indictment charges two unnamed co-conspirators who live \"in or near Russia\" and allegedly helped with the attacks.\u003cbr/\u003eConsumers don't have many options for monitoring whether the stores they frequent are good at protecting their card numbers. \u003cbr/\u003eStores aren't given public grades on their computer security, like the scores restaurants get on their cleanliness in some places. The best advice: Regularly check your credit reports for suspicious activity, and set free fraud alerts with the credit-reporting agencies.\u003cbr/\u003eIn this case, the thieves might have failed by being too successful. It's hard to unload hundreds of (m) millions of stolen credit card numbers on the black market.\u003cbr/\u003eOr, as Mitnick says, \"probably what was available was the customer's name, their address, their zip code and their card number and expiration date. And so with those limited piece of information there's limited damage they can do.\"\u003cbr/\u003eExperts said criminals usually sell stolen card numbers in batches of 10-thousand or less. \u003cbr/\u003eThat helps avoid drawing the attention of law enforcement and the card providers, which might replace cards pre-emptively if they see a mound of them being fenced. \u003cbr/\u003eMany of the card numbers stolen in the breaches cited in the Gonzalez indictment have already been cancelled and replaced.\u003cbr/\u003e\u003c/span\u003e\n\u003c/div\u003e\n\u003cdiv class='action-container flex justify-between'\u003e\n\u003cbutton aria-expanded='false' aria-label='Read more description' class='rp-full-description' type='button'\u003e\n\u003ci class='fai fa-solid fa-align-left'\u003e\u003c/i\u003e\n\u003cspan id='read_more'\u003eRead More\u003c/span\u003e\n\u003c/button\u003e\n\u003cdiv class='rp-report'\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv aria-labelledby='resource-details-heading' class='rp-info-section'\u003e\n\u003ch2 class='title' id='resource-details-heading'\u003eResource Details\u003c/h2\u003e\n\u003cdiv class='rp-resource-details clearfix'\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt\u003eCurator Rating\u003c/dt\u003e\n\u003cdd\u003e\u003cspan class=\"star-rating\" aria-label=\"3.5 out of 5 stars\" role=\"img\"\u003e\u003ci class=\"fa-solid fa-star text-action\" aria-hidden=\"true\"\u003e\u003c/i\u003e\u003ci class=\"fa-solid fa-star text-action\" aria-hidden=\"true\"\u003e\u003c/i\u003e\u003ci class=\"fa-solid fa-star text-action\" aria-hidden=\"true\"\u003e\u003c/i\u003e\u003ci class=\"fa-solid fa-star-half-stroke text-action\" aria-hidden=\"true\"\u003e\u003c/i\u003e\u003ci class=\"fa-regular fa-star text-action\" aria-hidden=\"true\"\u003e\u003c/i\u003e\u003c/span\u003e\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt class=\"educator-rating-title\"\u003eEducator Rating\u003c/dt\u003e\u003cdd\u003e\u003cdiv class=\"educator-rating-details\" data-path=\"/educator_ratings/rrp_data?resourceable_id=1134339\u0026amp;resourceable_type=Boclips%3A%3AVideoMetadata\"\u003e\u003cspan class=\"not-yet-rated\"\u003eNot yet Rated\u003c/span\u003e\u003c/div\u003e\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt\u003eGrade\u003c/dt\u003e\u003cdd title=\"Grade\"\u003eHigher Ed\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt\u003eSubjects\u003c/dt\u003e\u003cdd\u003e\u003cspan\u003e\u003ca href=\"/search?grade_ids%5B%5D=259\u0026amp;search_tab_id=1\u0026amp;subject_ids%5B%5D=1216220\"\u003eAll Subjects\u003c/a\u003e\u003c/span\u003e\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt\u003eMedia Type\u003c/dt\u003e\u003cdd\u003e\u003cspan\u003e\u003ca href=\"/search?grade_ids%5B%5D=259\u0026amp;search_tab_id=2\u0026amp;type_ids%5B%5D=4543650\"\u003eNews Clips\u003c/a\u003e\u003c/span\u003e\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt\u003eSource:\u003c/dt\u003e\n\u003cdd\u003e\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt\u003eDate\u003c/dt\u003e\n\u003cdd\u003e2009\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003ci aria-hidden='true' class='fai fa-solid fa-language'\u003e\u003c/i\u003e\n\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\u003cdt\u003eAudiences\u003c/dt\u003e\u003cdd\u003e\u003cspan\u003e\u003ca href=\"/search?audience_ids%5B%5D=371079\u0026amp;grade_ids%5B%5D=259\u0026amp;search_tab_id=1\"\u003eFor Teacher Use\u003c/a\u003e\u003c/span\u003e\u003c/dd\u003e\u003cdd class=\"text-muted\"\u003e\u003ci class=\"fa-solid fa-lock mr5\"\u003e\u003c/i\u003e2 more...\u003c/dd\u003e\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003cdiv class='detail'\u003e\n\u003cdl\u003e\n\n\u003c/dl\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv aria-labelledby='concepts-heading' class='rp-info-section'\u003e\n\u003ch2 class='title' id='concepts-heading'\u003eConcepts\u003c/h2\u003e\n\u003cdiv class='clearfix'\u003e\n\u003cdiv class='details-list concepts' data-identifier='Boclips::VideoDecorator' data-type='concepts'\u003eeurope, credit cards, wisconsin, shopping, russia, new york, indictments, california, eastern europe, identity theft, computer hardware, crime, north america, business\u003c/div\u003e\n\u003cdiv class='concepts-toggle-buttons' data-identifier='Boclips::VideoDecorator'\u003e\n\u003cbutton aria-expanded='false' class='more btn-link' type='button'\u003e\n\u003cspan\u003eShow More\u003c/span\u003e\n\u003ci aria-hidden='true' class='fa-solid fa-caret-down ml5'\u003e\u003c/i\u003e\n\u003c/button\u003e\n\u003cbutton aria-expanded='true' class='less btn-link' style='display: none;' type='button'\u003e\n\u003cspan\u003eShow Less\u003c/span\u003e\n\u003ci aria-hidden='true' class='fa-solid fa-caret-up ml5'\u003e\u003c/i\u003e\n\u003c/button\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv aria-labelledby='additional-tags-heading' class='rp-info-section'\u003e\n\u003ch2 class='title' id='additional-tags-heading'\u003eAdditional Tags\u003c/h2\u003e\n\u003cdiv class='clearfix'\u003e\n\u003cdiv class='details-list keyterms' data-identifier='Boclips::VideoDecorator' data-type='keyterms'\u003etechnology issues, happen, malware, general news, transactions, card number, software, computer hardware and software retail, monitor, piece, consumer products and services, personal computers, theft, hacking, consumer electronics, web applications, case, internet, restaurant operators, step, law and order, united states, industries, computing and information technology, lifestyle, heartland, consumer services, retail, vulnerabilities, sold, application software, merchandise, computer crime, happened, retail and wholesale, grocery store operators, multi-line retail, food services, tjx companies, inc.\u003c/div\u003e\n\u003cdiv class='keyterms-toggle-buttons' data-identifier='Boclips::VideoDecorator'\u003e\n\u003cbutton aria-expanded='false' class='more btn-link' type='button'\u003e\n\u003cspan\u003eShow More\u003c/span\u003e\n\u003ci aria-hidden='true' class='fa-solid fa-caret-down ml5'\u003e\u003c/i\u003e\n\u003c/button\u003e\n\u003cbutton aria-expanded='true' class='less btn-link' style='display: none;' type='button'\u003e\n\u003cspan\u003eShow Less\u003c/span\u003e\n\u003ci aria-hidden='true' class='fa-solid fa-caret-up ml5'\u003e\u003c/i\u003e\n\u003c/button\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv aria-labelledby='educator-ratings-heading' class='rp-info-section'\u003e\n\u003ch2 class='title sr-only' id='educator-ratings-heading'\u003eEducator Ratings\u003c/h2\u003e\n\u003cdiv id=\"educator-ratings-root\"\u003e\u003c/div\u003e\u003cdiv id=\"all-educator-ratings-root\"\u003e\u003c/div\u003e\u003cdiv id=\"educator-rating-form-root\"\u003e\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv class='rp-resource'\u003e\n\u003cdiv aria-label='Show resource details' class='rp-show-info' role='button' tabindex='0'\u003e\n\u003ci class='fai fa-solid fa-align-left'\u003e\u003c/i\u003e\nShow resource details\n\u003c/div\u003e\n\u003cdiv aria-label='Video player' class='player' id='player-wrapper' role='region'\u003e\n\u003cdiv class='relative container mx-auto' id='lp-boclips-visitor-thumbnail'\u003e\n\u003ca class=\"block\" data-html=\"true\" data-placement=\"bottom\" data-trigger=\"click\" data-content=\"\u003cdiv class=\u0026quot;text-center py-2\u0026quot;\u003e\u003ca class=\u0026quot;bold\u0026quot; href=\u0026quot;/auth/users/sign_in\u0026quot;\u003eSign in\u003c/a\u003e or \u003ca class=\u0026quot;bold text-danger\u0026quot; data-posthog-event=\u0026quot;Signup: LP Signup Activity\u0026quot; data-posthog-location=\u0026quot;body_link_boclips\u0026quot; data-remote=\u0026quot;true\u0026quot; href=\u0026quot;/subscription/new\u0026quot;\u003eJoin Now\u003c/a\u003e\u003c/div\u003e\" data-title=\"Get Full Access\" data-container=\"body\" rel=\"popover\" tabindex=\"0\" aria-label=\"Play video: Indictment of card hacker unlikely to end thefts\" href=\"/subscription/new\"\u003e\u003cimg class=\"resource-img img-thumbnail img-responsive z-10 lp-boclips-thumbnail w-full h-full lozad\" alt=\"Indictment of card hacker unlikely to end thefts\" title=\"Indictment of card hacker unlikely to end thefts\" onError=\"handleImageNotLoadedError(this)\" data-default-image=\"https://static.lp.lexp.cloud/images/attachment_defaults/resource/large/missing.png\" data-src=\"https://static.lp.lexp.cloud/images/attachment_defaults/resource/large/missing.png\" width=\"315\" height=\"220\" src=\"data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs\" /\u003e\n\u003cspan aria-hidden='true' class='flex justify-center items-center bg-white rounded-full w-16 h-16 absolute top-1/2 left-1/2 -mt-8 -ml-8 cursor-pointer z-0 border-2 border-primary drop-shadow-md lp-boclips-thumbnail-playBtn'\u003e\n\u003ci class='fa-solid fa-play text-primary text-3xl ml-1 drop-shadow-xl'\u003e\u003c/i\u003e\n\u003c/span\u003e\n\u003c/a\u003e\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n"}