No safe haven: the global Secret Service hunt for three hackers

Dave & Buster's store #32 in Islandia, New York—a restaurant and electronic funhouse for adults—seemed an unlikely target for an international credit card theft ring. Certainly no patron drinking beer and shooting miniature basketballs into a miniature hoop expected their credit card data to end up inside an encrypted Latvian server, waiting to be sold off to international criminals who would ring up more than $600,000 in charges on the cards. But that was because no patron knew anything about the Estonian hacker Aleksandr "JonnyHell" Suvorov.

On May 18, 2007, Suvorov electronically entered the point of sale (POS) server at store #32. Every Dave & Buster's has a POS server, which vacuums up all the credit card data collected by each store's credit card swipe terminals and relays it upstream to a payment processor for verification and approval of the transaction. With full access to the server, Suvorov had no trouble installing a customized bit of code called a packet sniffer, and the program promptly turned its digital nose upon all traffic flowing into and out of the server. The sniffer used this privileged position to find and extract from the data stream the key "track 2" data—numbers and expiration dates, but not names—from every credit card used in store #32, saving it to a local file creatively named "log" for later retrieval.