RealTime IT News

Curador Worked As E-Commerce Consultant

Before he was arrested by police in Wales last Thursday, the online credit card thief who called himself "Curador" worked as an e-commerce consultant, his former boss revealed Monday.

As previously reported, an 18-year-old man in Clynderwen, Wales was arrested Thursday in connection with break-ins at nine e-commerce sites in recent weeks. Under U.K. law, Curador's name was not released by police, but the Britain's Daily Telegraph reported Saturday that Curador's real name was Raphael Gray. The true name of his accomplice, who was also arrested, was not disclosed.

While he was allegedly breaking into online stores in the United States, Canada, Thailand and Great Britain, Gray was also working to develop an e-commerce strategy for Console King, a mail-order company in Narberth, Wales.

According to Sam Lee, managing director, the retailer of video games and DVDs hired Gray around Christmas 1999 on the recommendation of a job recruitment firm.

"[Gray] told us that he worked for several companies, including a subsidiary of Microsoft. And he showed us some of the work he had done, and it was pretty good. As far as we knew, he had no criminal record," said Lee.

Console King paid Gray about US$6.50 per hour to build the company an online storefront. But Lee said he fired Gray in the beginning of March after Gray began failing to show up for work. Only last week did Lee know that Gray had allegedly been involved in the online theft of about 26,000 credit cards over the course of six weeks.

"We couldn't believe it. He's put my company and my staff in jeopardy. He's so stupid he doesn't know what he's done," said Lee, who added that Console King has tightened security at its site since learning of Gray's true identity.

Gray has been released on bail and according to Lee has been seen on the streets of Clynderwen, which has a population of 550.

FBI officials declined to comment on whether Gray had used any of the stolen card numbers to place fraudulent orders. Britain's Daily Mail newspaper quoted a detective who said police had confiscated "a pile of stuff" from the homes of Gray and his accomplice.

Gray also apparently used a card stolen from an online retailer named Albion's MO to register one of the sites where he posted stolen card numbers and diatribes about e-commerce security. According to Robert Koseluk of Carmel, Indiana, he received an unauthorized charge for $198 to register and set up a site at free-creditcard.com. Gray also apparently used a card stolen from Stacy Yaple of Jacksonville, Fla., to register another site, e-crackerce.com.

Lee of Console King said that Gray apparently had financial problems. Lee also said Gray would often borrow small amounts of money from him.

"He never had any money. I had to lend him money for a haircut and for lunch. He came into work stinking and wore the same clothes everyday. I had to speak with him about his personal appearance and hygiene," said Lee.

At his Web sites, Gray has argued that he broke into other sites to shame operators into improving their shoddy security. Tim Ward, owner of feelgoodfalls.com, a site that Curador hit around the end of February, said Curador has had his desired effect.

"There's some good that came out of this. We never intended to expose anybody's card numbers, but what he did resulted in us being more secure," said Ward, who revealed that his mother-in-law built the site at feelgoodfalls.com using Microsoft StoreFront. In the wake of the break-in, Ward has hired a security consulting firm to batten down the hatches.

Michael Vatis, director of the FBI's National infrastructure protection center, said Friday that regardless of a cracker's motives, breaking into a site is stil