A Turkish court has sentenced a hacker to 30 years in prison for
his role in the
theft of 45 million identities from credit card transactions by
nine US retailers including TJX.
Ukrainian Maksym Yastremskiy was among 11 people charged by US
authorities in August 2008 in connection with the biggest identity
theft to date.
The length of the sentence is significant and should make
hackers consider whether cybercrime is worth the risk, said Graham
Cluley, senior technology consultant at security firm
Sophos.
The 25-year-old hacker, believed to be responsible for losses of
up to tens of millions of dollars worldwide, was arrested in Turkey
in July 2007 in a secret services operation.
"There are more and more convictions happening all the time and
authorities are getting better than ever at co-operating at an
international level," said Cluley.
Yastremskiy was charged last year with trafficking in
unauthorised access devices, identity theft, aggravated identity
theft and money laundering.
The gang used laptops to hack into
unprotected wireless networks to steal credit card transaction
details from TJX and other stores.
The stolen identities were then used to withdraw tens of
thousands of dollars at a time from bank automatic teller
machines.
TJX, which owns UK retailer TJ Maxx, announced the theft of the
account details in 2007 and has since paid millions in compensation
to the customers and banks affected.