A gang of computer hackers broke into the computer systems of major US shops and stole more than 40 million credit and debit card numbers.

Eleven people have been indicted in Boston for their part in the largest hacking and identity theft case the US Justice Department has ever prosecuted.

The department says the stolen numbers were sold via the internet to other criminals in the US and Eastern Europe and used to withdraw tens of thousands of dollars at a time from ATMs.

The eleven defendants include three US citizens, three from Ukraine, two from China, one from Belarus, one from Estonia and one whose place of origin is unknown, the department said in a statement.

'Sniffer' programs

They are alleged to have obtained the credit and debit card numbers by "wardriving" and hacking into the wireless computer networks of major retailers, including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

Once inside the networks, they installed "sniffer" programs that captured card numbers, as well as password and account information.

The indictment against them alleges that after they collected the data, the conspirators concealed it in encrypted computer servers that the defendants controlled in Eastern Europe and the United States.

From there, the stolen numbers were "cashed out" by encoding card numbers on the magnetic strips of blank cards, and then used to extract cash from ATMs, the Justice Department said.

Money laundering

The defendants were allegedly able to conceal and launder their fraud proceeds by using anonymous internet-based currencies both within the United States and abroad, and by channelling funds through bank accounts in Eastern Europe, it added.

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," said US Attorney General Michael Mukasey.

"While technology has made our lives much easier it has also created new vulnerabilities," said US Attorney for the District of Massachusetts Michael Sullivan.

"This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results. Consumers, companies and governments from around the world must further develop ways to protect our sensitive personal and business information," he added.