Federal agents say they are still searching for suspects in a wave of credit card fraud that swept across Capitol Hill in 2010, an attack that likely affected hundreds of people and dozens of businesses, and involved untold thousands of dollars in fraud — and helped bring about the end of a longtime Broadway restaurant.
One place where no direct fraud took place was the now shuttered Broadway Grill, which had been a point of interest in the investigation. Secret Service agent Bob Kierstead tells CHS the data breach was a sophisticated virtual attack and no skimming device was used at any point of sale on Capitol Hill or elsewhere.
“There was no illegal activity from within (Broadway Grill) whatsoever,” Kierstead said. “It was an external breach, which are becoming more and more prevalent.”
Four years ago, Kierstead explained to CHS how the fraud worked — without revealing his hand on all of the specifics:
Secret Service agent Bob Kierstead of the Seattle Electronic Crimes Task Force says the overseas hacker who was able to access the network through a restaurant’s system he won’t name appears to have been able to leapfrog from the restaurant’s access to a critical server in the transaction process where account information was available. “He was able to access numbers off the server going back prior to October,” Kierstead said of the October 22nd breach that surfaced a week later as reports of fraud in the area began piling up. To date, we have tallied more than 200 fraud reports in the Capitol Hill area since the last week of October — and that only counts reports where somebody called police. Another 200+ were reported across the city as a whole in the period.
Such an attack was staged last year against chain retailer Target, in which hackers obtained some 40 million credit and debit card numbers and the personal data of millions more. The incident led to the departure of Target’s CEO this week.
Kierstead said investigators were able to obtain a unique “signature” of the virus at the Broadway Grill, allowing them to tie the virus to other data breaches outside the state.
Broadway Grill shuttered last April after owners said they struggled to recover from the negative publicity related to the wave of credit card fraud. Just prior to the wave, CHS reported on the purchase of the iconic Broadway eatery in 2010 by former server Matt Walsh and CJ Saretto. Getting caught up as victims in the wave was undoubtedly a tough introduction to the business.
Kierstead told CHS that since the fraud was first reported Seattle-based investigators have contained and identified the malware used in the virtual attack, but they are still working to physically locate suspects. Since 2010 investigators have also linked the attack to victims outside Washington, but Kierstead said he could not elaborate on how wide the fraud had spread or how much money it involved.
“We will not stop pursuing sombedy who has engaged it this type of crime,” he said.