Man stole data from U.S. service members via P2P

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9220078/Man_stole_data_from_U.S._service_members_via_P2P

By Robert McMillan
IDG News Service
September 16, 2011

A California man who dug up sensitive information belonging to U.S. 
service members on peer-to-peer networks, and then used it to order 
iPods, cameras, and even washing machines from an online store, was 
sentenced to 75 months in federal prison Thursday.

Rene Quimby, 42, had already pleaded guilty to fraud and identity theft 
charges in May. According to court filings, Quimby stumbled upon the 
scam four years ago after uncovering military rosters listing sensitive 
information online. His victim was the Army and Air Force Exchange 
Services (AAFES), the organization that does about US$10 billion in 
business annually, running the post exchange retail outlets on military 
bases.

"Quimby learned of the AAFES.com website when he downloaded a file that 
contained a service member's username and password for an AAFES 
account," reads a factual resume signed by Quimby in May when he entered 
his guilty plea. "He then learned that he could use service members' 
social security numbers and dates of birth to log into the site."

His next move was to chat with the website's customer support staff. 
Using the same stolen information to answer their security questions, 
he'd get them to tell him the victim's STAR credit card number, used to 
make purchases with the AAFES. He then would spend as much as he could 
in an online shopping spree, buying computers, cameras, iPods, even 
washing machines. He'd have the goods mailed to different addresses in 
California, where he'd pick them up and fence them.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/