BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Man stole data from U.S. service members via P2P

From: security curmudgeon <jericho () attrition org>
Date: Mon, 19 Sep 2011 13:43:57 -0500 (CDT)

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9220078/Man_stole_data_from_U.S._service_members_via_P2P

By Robert McMillan
IDG News Service
September 16, 2011

A California man who dug up sensitive information belonging to U.S. 
service members on peer-to-peer networks, and then used it to order iPods, 
cameras, and even washing machines from an online store, was sentenced to 
75 months in federal prison Thursday.

Rene Quimby, 42, had already pleaded guilty to fraud and identity theft 
charges in May. According to court filings, Quimby stumbled upon the scam 
four years ago after uncovering military rosters listing sensitive 
information online. His victim was the Army and Air Force Exchange 
Services (AAFES), the organization that does about US$10 billion in 
business annually, running the post exchange retail outlets on military 
bases.

"Quimby learned of the AAFES.com website when he downloaded a file that 
contained a service member's username and password for an AAFES account," 
reads a factual resume signed by Quimby in May when he entered his guilty 
plea. "He then learned that he could use service members' social security 
numbers and dates of birth to log into the site."

His next move was to chat with the website's customer support staff. Using 
the same stolen information to answer their security questions, he'd get 
them to tell him the victim's STAR credit card number, used to make 
purchases with the AAFES. He then would spend as much as he could in an 
online shopping spree, buying computers, cameras, iPods, even washing 
machines. He'd have the goods mailed to different addresses in California, 
where he'd pick them up and fence them.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: