SecurityWeek

Cybercrime

Five Charged in Largest Hacking Scheme Ever Prosecuted in US

Global Hacking Operation Targeted Major Payment Processors, Retailers and Financial Institutions

The U.S. Attorney’s Office today unsealed an indictment charging four Russians and a Ukrainian with a multi-million hacking scheme that netted 160 million credit card numbers from several major American and international corporations.

The charges stem from hacking attacks dating back to 2005 against several global brands, including the NASDAQ exchange, 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.

According to the indictment (PDF) unsealed today in Newark federal court, the five men each served particular roles in the scheme:

Vladimir Drinkman, 32, of Syktyvkar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each allegedly specialized in penetrating networks and gaining access to the corporate victims’ systems.

Roman Kotov, 32, of Moscow, allegedly specialized in mining the networks compromised by Drinkman and Kalinin to steal valuable data.

Mikhail Rytikov, 26, of Odessa, Ukraine, allegedly offered anonymous web-hosting services for the others to hide their illegal activities.

Dmitriy Smilianets, 29, of Moscow, allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.

Drinkman and Kalinin were previously charged as “Hacker 1” and “Hacker 2” in the famous case against Albert Gonzalez, who is now serving 20 years in jail in connection with a series of high-profile data breaches, including a massive breach at TJX.

Two of the five men — Drinkman and Smilianets — were arrested while traveling in the Netherlands last year and have been extradited to the U.S. to face charges. The other three remain at large.

According to court documents, the group allegedly took user names and passwords, means of identification, credit and debit card numbers and other corresponding personal identification information of cardholders.

The men allegedly used SQL injection attacks as the initial entry point into the computer systems of global corporations. Once networks were breached, the defendants allegedly placed malware on the systems. According to the indictment, the malware used created a “back door,” leaving the system vulnerable and helping the defendants maintain access to the network.

“In some cases, the defendants lost access to the system due to companies’ security efforts, but they were able to regain access through persistent attacks,” according to court documents.

The group also used sniffers to identify, collect and steal data from the victims’ computer networks and hijacked computers located around the world to store the stolen data and ultimately sell it to others.

To sell the stolen data, the U.S. Attorney’s Office alleges that Smilianets packaged “dumps” and offered these to resellers around the world. Smilianets was allegedly in charge of sales, vending the data only to trusted identity theft wholesalers. According to the indictment, he charged approximately $10 for each stolen American credit card number and associated data, approximately $50 for each European credit card number and associated data and approximately $15 for each Canadian credit card number and associated data – offering discounted pricing to bulk and repeat customers.

“Ultimately, the end users encoded each dump onto the magnetic strip of a blank plastic card and cashed out the value of the dump by either withdrawing money from ATMs or making purchases with the cards,” it added.

The men face five years in prison for conspiracy to gain unauthorized access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorized access to computers; and 30 years in prison for wire fraud.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
