May 14, 2010, 4:10 AM — A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in U.S. history.
Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine U.S. retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI).
In a statement, the CBI said they'd arrested Storchark in New Delhi on the night of May 8, as he deplaned from a flight from Goa, for layover before a flight to Turkey.
U.S. authorities had asked for his extradition via diplomatic channels, the CBI said.
Authorities say that Storchark was a reseller of stolen credit cards -- one of the men that hacker Albert Gonzalez and his accomplices turned to when they wanted to sell the data they'd stolen from major U.S. retailers such as TJX, Dave and Buster's, Office Max and DSW.
In 2008, U.S. Attorney General Michael Mukasey described this as probably "the single largest and most complex identity theft case ever charged in this country."
Storchark faces one charge of conspiracy to traffic in unauthorized access devices.
Known online as "Fidel," Storchak allegedly sold credit card data on an online forum called DumpsMarket, but he was also active on other forums, said a federal law enforcement source speaking on condition of anonymity because the source was not authorized to speak with press. "He was pretty well connected at one point, so I think he's a significant player."
In late March, Gonzalez was sentenced to 20 years in prison for his role in the conspiracy. Several of this other co-conspirators have been sentenced as well. However, several remain out of the reach of U.S. law enforcement, and it's often next-to-impossible to extradite suspected hackers from countries such as Ukraine and Russia.
"His extradition and prosecution would have been very unlikely had he reached his final destination of Ukraine," the CBI said.
John Ribeiro in Bangalore contributed to this report.
Robert McMillan can be reached at robert_mcmillan@idg.com. He is on Twitter at: http://twitter.com/bobmcmillan.
