09/12/2008 05:12 am ET Updated May 25, 2011

ShadowCrew Identity Theft Ring Exploited Chain Retailers, Restaurants To Grab Millions Of Credit Card Numbers

The story begins five years ago in Miami, along the stretch of Route 1 called the South Dixie Highway. Starting in 2003, national retailers with outlets there, including BJ's Wholesale Club, the Sports Authority, OfficeMax, DSW and Barnes & Noble, began falling victim to "war-drivers" -- drive-by hackers who searched for holes in the security of wireless networks.

According to last week's indictments, those hackers were Mr. Gonzalez and two Miami accomplices, Christopher Scott, 25, and Damon Patrick Toey, 23.

Investigators say the conspirators began their largest theft in July 2005, when they identified a vulnerable network at a Marshall's department store in Miami and used it to place a so-called sniffer program on the computers of the chain's parent company, TJX, in Framingham, Mass. The program pulled out data like credit card numbers from the network traffic.

Read more on New York Times