Curador Worked As E-Commerce Consultant
As previously reported, an 18-year-old man in Clynderwen, Wales was arrested Thursday in connection with break-ins at nine e-commerce sites in recent weeks. Under U.K. law, Curador's name was not released by police, but the Britain's Daily Telegraph reported Saturday that Curador's real name was Raphael Gray. The true name of his accomplice, who was also arrested, was not disclosed.
While he was allegedly breaking into online stores in the United States, Canada, Thailand and Great Britain, Gray was also working to develop an e-commerce strategy for Console King, a mail-order company in Narberth, Wales.
According to Sam Lee, managing director, the retailer of video games and DVDs hired Gray around Christmas 1999 on the recommendation of a job recruitment firm.
"[Gray] told us that he worked for several companies, including a subsidiary of Microsoft. And he showed us some of the work he had done, and it was pretty good. As far as we knew, he had no criminal record," said Lee.
Console King paid Gray about US$6.50 per hour to build the company an online storefront. But Lee said he fired Gray in the beginning of March after Gray began failing to show up for work. Only last week did Lee know that Gray had allegedly been involved in the online theft of about 26,000 credit cards over the course of six weeks.
"We couldn't believe it. He's put my company and my staff in jeopardy. He's so stupid he doesn't know what he's done," said Lee, who added that Console King has tightened security at its site since learning of Gray's true identity.
Gray has been released on bail and according to Lee has been seen on the streets of Clynderwen, which has a population of 550.
FBI officials declined to comment on whether Gray had used any of the stolen card numbers to place fraudulent orders. Britain's Daily Mail newspaper quoted a detective who said police had confiscated "a pile of stuff" from the homes of Gray and his accomplice.
Gray also apparently used a card stolen from an online retailer named Albion's MO to register one of the sites where he posted stolen card numbers and diatribes about e-commerce security. According to Robert Koseluk of Carmel, Indiana, he received an unauthorized charge for $198 to register and set up a site at free-creditcard.com. Gray also apparently used a card stolen from Stacy Yaple of Jacksonville, Fla., to register another site, e-crackerce.com.
Lee of Console King said that Gray apparently had financial problems. Lee also said Gray would often borrow small amounts of money from him.
"He never had any money. I had to lend him money for a haircut and for lunch. He came into work stinking and wore the same clothes everyday. I had to speak with him about his personal appearance and hygiene," said Lee.
At his Web sites, Gray has argued that he broke into other sites to shame operators into improving their shoddy security. Tim Ward, owner of feelgoodfalls.com, a site that Curador hit around the end of February, said Curador has had his desired effect.
"There's some good that came out of this. We never intended to expose anybody's card numbers, but what he did resulted in us being more secure," said Ward, who revealed that his mother-in-law built the site at feelgoodfalls.com using Microsoft StoreFront. In the wake of the break-in, Ward has hired a security consulting firm to batten down the hatches.
Michael Vatis, director of the FBI's National infrastructure protection center, said Friday that regardless of a cracker's motives, breaking into a site is still a federal crime.
"If someone gains unauthorized access to a computer that's engaged in interstate or foreign commerce, that access is a federal crime, whether the state of security is poor or excellent," said Vatis.
Reuters reported Sunday that one of the credit cards that Curador had stolen belonged to none other than Microsoft Chairman Bill Gates. The report apparently was based on information gleaned from one of Curador's Web sites where he posted stolen credit card numbers.
But that site, which is mirrored here, contains information suggesting the Reuters report is inaccurate. For example, the credit card number Curador posted and claimed was Gates' has only 12 digits, and the first four do not match any algorithms used by Visa, Mastercard, Discover, American Express, or any of the other major credit card companies.
A spokesperson for the U.S. Secret Service, which investigates credit card fraud, would not comment on Curador's claims, although he did say that the card appeared to be missing numbers.
November 21st, 2008, posted by cfz
