Credit cards hacked, data sold in bulk
MANUEL VALDES
In an investigation that spanned from a Seattle restaurant to Romania, a 21-year-old Dutch national pleaded not guilty Monday to federal computer hacking charges that include the theft of at least 44,000 credit card numbers.
Federal prosecutors said David Benjamin Schrooten is a prominent figure known as “Fortezza” in the international hacking community who sold stolen credit card numbers in bulk through websites.
The 44,000 credit card numbers included in these charges come from just one sale, authorities said.
Schrooten was arrested in Romania and arrived Saturday in Seattle. He has been charged with 14 crimes, including access device fraud and identity theft.
“People think that cyber criminals cannot be found or apprehended. Today we know that’s not true. You cannot hide in cyberspace,” said U.S. Attorney Jenny A. Durkan at a news conference. “We will find you. We will charge you. We will extradite you and we will prosecute you.”
A message left with Schrooten’s listed attorney was not immediately returned.
Seattle and federal authorities credited a local Italian restaurant owner for sparking the investigation.
Corino Bonjrada said he became alarmed after several complaints from customers of suspicious charges after dining at Modello Risorante Italiano.
Customers suspected his workers had taken their credit card information and used it, but Bonjrada found no evidence of that. He called computer experts and eventually the police, he said.
That led police to Christopher A. Schroebel, 21, of Maryland, who they say planted spying malware in the sales systems of two Seattle businesses, two of dozens of businesses targeted. Schroebel had collected at least 4,800 credit card numbers in 2011.
“Some of my customers were saying they didn’t know if they wanted to come back,” Bonjrada said. “They were afraid.”
Schroebel was arrested in November 2011 and pleaded guilty last month to federal charges that included bank fraud. He is set to be sentenced in August.
Investigators said Schrooten worked with Schroebel in creating websites to sell the credit card numbers.
Bonjrada said some customers were charged within “10 minutes” of using their credit card at his restaurants in the amounts of $70 or $80.
Authorities said the investigation into the ring is continuing. Schrooten is scheduled back in court Aug. 20.
Locally, BECU officials said the hacking had been monitoring its customers accounts and had found no theft.
"There is nothing for customers to worry about," said Todd Pietszch, public relations manager for the credit union. "There are no security concerns for our members.”
