Two people were arrested for spending tens of thousands of dollars with more than 90 stolen credit cards in an incident that may (or may not) have been related to the massive Target data breach.
Authorities stopped Mary Carmen Garcia, 27, and Daniel Guardiola Dominguez, 28, of Monterrey, Mexico, as they tried to cross the border into the U.S. at McAllen, Texas with the cards in tow. According to McAllen Police Lt. Joel Morales, the U.S. Secret Service, ICE and banks affected by the breach linked the pair to the Target scandal, but one official told the Associated Press the arrest was unrelated, a complication befitting the already convoluted Target data breach saga. The AP writes:
A federal official with knowledge of the case said there currently was no connection between the McAllen case and any ongoing investigation into the Target breach, but would not elaborate. The official spoke on condition of anonymity because the official was prohibited from providing details about the investigation. The discrepancy could not immediately be rectified late Monday. Messages left for Rodriguez and his lieutenant Monday evening seeking a response to those comments weren't immediately returned.
If the arrest is, in fact, linked to the breach, it would suggest that the credit card information of up to 110 million Target customers is being divided among small groups of people using stolen funds to shop across the U.S. If this is the case, authorities can use traditional means to track down those using stolen credit cards, as one security analyst told the LA Times.
Co3 Systems CTO Bruce Schneier told the paper, "It's not that we find criminals like this through cyber-forensics. We get them in the real world when they do something stupid... It's invariably how it works: Getting credit cards is easy. Turning it into cash is hard." Still, an elaborate sting was needed to catch the criminals, per the AP:
McAllen police began working with the Secret Service after a number of area retailers were hit with fraudulent purchases on Jan. 12. The Secret Service confirmed that the fraudulent accounts traced back to the original Target data breach from December, Rodriguez said. Investigators fanned out to McAllen-area merchants and reviewed "miles of video" looking for the fraudsters, he said. From that, they were able to identify two people and a car with Mexican license plates. With the help of U.S. Immigration and Customs Enforcement, investigators confirmed the identities of their suspects from immigration records of when they had entered Texas in the same vehicle, Rodriguez said. Police prepared arrest warrants last week and waited for them to return.
Those caught using the cards, however, are not necessarily linked to the criminals who carried out the breach, as small-time criminals can buy the information off the black market.
Perhaps the feds are careful not to link the pair to the Target breach following the probably mistaken allegation against a 17-year-old Russian by a security firm investigating the breach. IntelCrawler said last week that Sergey Tarasov wrote the malware code that attacked Target and possibly other retailers, but later walked back the allegation. In the update, IntelCrawler said that someone named Rinat Shibaev wrote the code, but that Sergey Tarasov was involved in the attack. Security expert Brian Krebs, who broke the story of the breach on his blog, called the company out on Twitter for the mishap:
So Intelcrawler apparently just changed its mind about the guy responsible for the Target POS malware. Now they have the right guy
— briankrebs (@briankrebs) January 20, 2014
Krebs also appears to be calling into question how deeply a link between stolen credit card users and those responsible for the breach could actually go:
Target has not weighed in on the arrests, other than to note that the investigation is ongoing. The company was recently hit with a lawsuit from a Connecticut bank that has had to dole out cash to Target customers affected by the breach, so we figure they've got their hands full at the moment.
This article is from the archive of our partner The Wire.