A Dutch man has been arrested for allegedly hacking into computers and stealing and reselling the credit card numbers of 44,000 Seattle residents.
David Benjamin Schrooten, 21, appeared in a U.S. federal court in Seattle yesterday (June 11) to face 14 charges ranging from identity theft to access device fraud, the Associated Press reported. Schrooten, who was arrested in Romania, pleaded not guilty to the charges.
"People think that cybercriminals cannot be found or apprehended," U.S. Attorney Jenny A. Durkan said at a press conference. "Today we know that's not true. You cannot hide in cyberspace. We will find you. We will charge you. We will extradite you and we will prosecute you."
Known in the underground cyberfraud community as "Fortezza," Schrooten allegedly was behind the scheme to plant spyware on the sales systems of Seattle businesses, from which he and an accomplice reportedly harvested the credit card numbers of at least 44,000 patrons beginning in January 2011.
A complaint from the owner of Mondello Ristorante Italiano in Seattle alerted the police to the fraud. Christopher Schroebel, 21, a Maryland resident and suspected accomplice of Schrooten's, reportedly put the spywyare on the businesses' computers.
Schroebel, also 21, was arrested in November 2011 and pleaded guilty last month. According to the indictment against him, Schroebel was "heavily involved in intravenous heroin use," and supported his habit with the help of the stolen credit card numbers.
Brian Krebs, a security researcher who has delved into the underground cybercrime forums and sites used by fraudsters, reported that Fortezza, as Schrooten was known, ran the English-language credit-card fraud site Kurupt.su. In a post on his Krebs on Security blog, Krebs said Fortezza reached out to him last fall and said he was "quitting the scene" and had plans to attack other card fraud forums.
Krebs said the last time he heard from Fortezza was in March, when he told Krebs he was planning to meet some fellow hackers in Romania.