Originally created 12/15/00

FBI search for hacker



LOS ANGELES -- The FBI is looking for a hacker who put thousands of stolen credit-card numbers on the Internet after a $100,000 extortion demand was ignored.

More than 55,000 numbers were stolen from creditcards.com, which processes credit transactions for online companies. About 25,000 of them were posted online when the extortion payment was not made, creditcards.com spokesman Laurent Jean said Wednesday.

The site containing the numbers has since been taken down by the FBI, said agency spokesman Matthew McLaughlin. No arrests have been made.

Whether the numbers had been used to make illegal charges wasn't immediately known, he said. The FBI asked merchants to contact the agency if they fear their database was compromised.

The hacker, who appeared to be from Russia, contacted creditcards.com about three months ago, the company said in an e-mail sent to its merchants Monday. Creditcards.com said it immediately contacted the FBI and adopted a policy of refusing to cooperate with hackers or meet extortion demands.

The company said it also hired security consultants to help improve its ability to protect data.

One of the company's merchants, ihateshopping.net in Tacoma, Wash., said the hacker contacted it earlier this week and provided all of the stolen credit card numbers.

The online shopping service used that information to create a page where potential victims can enter their name and address to determine if their credit card was compromised, said Harry Widdifield, owner of the site.

"We think it's the most judicious use of the information that was given to us by the hackers possible," Widdifield said.

An executive with Urban Golf Gear, another creditcards.com merchant, said none of the people on its customer list reported illegal card charges.

The Oakland-based company's chief executive officer, Craig Tanner, said he first learned of the security breach Monday when the hacker contacted him by e-mail.

"I put my trust in creditcards.com to have a secure system," said Tanner, whose company sells hip golf clothing. "Nobody told me these credit cards were stolen."

The incident is the latest in a string of attacks against companies that deal with credit card information.

Last year, a hacker stole about 300,000 credit card numbers from online music retailer CD Universe and posted about 25,000 of them on the Internet when a demand for $100,000 was not met. The hacker remains at large.

Hackers stole thousands of credit card numbers from SalesGate.com of Buffalo, N.Y., earlier this year.

RealNames, an Internet search service with as many as 20,000 card numbers on file, learned of a hacker infiltration in February.

Western Union shut its Web site for five days in September after hackers stole the card numbers of more than 15,000 customers.

On the Net:

http://www.creditcards.com

http://www.ihateshopping.net

http://www.urbangolfgear.com