Man sentenced for buying stolen identities

Sophos has welcomed news that US authorities have sentenced a man to seven years in prison for buying stolen identities from online forums run by cybercriminals in other countries. According to reports, 21-year old Jacob Vincent Green-Bressler was not involved in actually stealing and selling these identities, but used the information he bought from the hackers to defraud thousands of US bank customers.

Green-Bressler was convicted of soliciting information including credit and debit card account numbers, personal identification numbers (PINs), expiration dates, passwords and social security numbers. Using this data, he was able to create counterfeit credit cards which were then used to fraudulently withdraw money from cash machines in Arizona. Around half of this stolen money would then be transferred back overseas to the cybercriminals that supplied the original information.

Sophos experts note that until now law enforcement agencies have focused on catching the cybercriminals who sell identities online, rather than those who use the information to defraud innocent victims.

“While good headway has been made in clamping down on the hackers that sell stolen identities online, more action needs to be taken to stop the criminals that buy and use this information,” said Graham Cluley, senior technology consultant at Sophos. “Tackling the identity theft problem is not just about stopping the suppliers – there are always more cybercriminals lurking out there ready to step into their shoes. It’s just as important that anyone buying this information doesn’t think they can get away scott free.”

At the height of the scam, it is estimated that Green-Bressler held more than 4,500 illegal credit and debit card account numbers and PINs, and that more than USD 300,000 was wired overseas.