Breaking News

Biden now weighing whether he should stay in presidential race: report
US News

WELSH TEENS ARE SNARED IN WORLDWIDE WEB $CHEME

By
Social Links for Evelyn Nussenbaum
Published March 25, 2000, 5:00 a.m. ET

Two Welsh teenagers were arrested and accused of hacking into Web sites in five countries and stealing 26,000 credit-card numbers.

Their names were withheld because they have not yet officially been charged under British law.

The arrests were the result of a two-month investigation by the FBI, the Royal Canadian Mounted Police and the Welsh Police Service.

FBI officials said the losses from the break-ins could total $3 million.

All of the sites the teens hacked were small, little-known ones.

The arrests put an end to the latest case that has shaken consumers’ confidence in the security of the Internet.

Earlier this year a hacker stole nearly 350,000 credit-card numbers from online music store CD Universe and then tried to extort money from the Web company.

Hackers also attacked Web giants Yahoo!, eBay, Amazon.com and CNN.com in February, disabling the sites for hours at a time. No arrests have been made in those cases.

The two Welsh teens posted many of the credit card numbers on the Web site Curador.com — which has since been shut down.

One of the sites hit in the latest attacks was

Salesgate.com, which runs a sort of online mall for small merchants.

“Our entire database was downloaded — 3,000 or 4,000 numbers,” said Salesgate.com founder Christopher Keller.

“The good news is that we canceled everyone’s credit cards and we haven’t confirmed any actual losses.”

The American Society of Clinical Psychologists also was attacked.

The hackers also hit sites in Canada, Thailand, Japan and Britain, according to the FBI.

The teenagers apparently took advantage of a known bug in Microsoft’s e-commerce software.

Microsoft released a so-called “patch” for the hole in 1998 and has been asking users to download and install it ever since.

The teenagers apparently left a relatively easy trail for the authorities to follow.

Security experts said Curador.com had listed a fictitious Wales address just miles from the hackers’ real homes — a tiny village with about 700 people.

They also used a single Internet service provider for all the attacks, making them easier to trace.