Security Experts:

Five Charged in Largest Hacking Scheme Ever Prosecuted in US

Global Hacking Operation Targeted Major Payment Processors, Retailers and Financial Institutions

The U.S. Attorney's Office today unsealed an indictment charging four Russians and a Ukrainian with a multi-million hacking scheme that netted 160 million credit card numbers from several major American and international corporations.

The charges stem from hacking attacks dating back to 2005 against several global brands, including the NASDAQ exchange, 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.

Hackers Charged in Fraud OperationAccording to the indictment (PDF) unsealed today in Newark federal court, the five men each served particular roles in the scheme:

- Vladimir Drinkman, 32, of Syktyykar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each allegedly specialized in penetrating networks and gaining access to the corporate victims' systems.

- Roman Kotov, 32, of Moscow, allegedly specialized in mining the networks  compromised by Drinkman and Kalinin to steal valuable data.

- Mikhail Rytikov, 26, of Odessa, Ukraine, allegedly offered anonymous web-hosting services for the others to hide their illegal activities.

- Dmitriy Smilianets, 29, of Moscow, allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.

Drinkman and Kalinin were previously charged as “Hacker 1” and “Hacker 2” in the famous case against Albert Gonzalez, who is now serving 20 years in jail in connection with a series of high-profile data breaches, including a massive breach at TJX.

Two of the five men -- Drinkman and Smilianets -- were arrested while traveling in the Netherlands last year and have been extradited to the U.S. to face charges. The other three remain at large.

According to court documents, the group allegedly took user names and passwords, means of identification, credit and debit card numbers and other corresponding personal identification information of cardholders.

The men allegedly used SQL injection attacks as the initial entry point into the computer systems of global corporations. Once networks were breached, the defendants allegedly placed malware on the systems.  According to the indictment, the malware used created a “back door,” leaving the system vulnerable and helping the defendants maintain access to the network.

In some cases, the defendants lost access to the system due to companies’ security efforts, but they were able to regain access through persistent attacks," according to court documents.

The group also used sniffers to to identify, collect and steal data from the victims’ computer networks and hijacked computers located around the world to store the stolen data and ultimately sell it to others.

To sell the stolen data, the U.S. Attorney's Office alleges that Smilianets packaged "dumps" and offered these to resellers around the world.  Smilianets was allegedly in charge of sales, vending the data only to trusted identity theft wholesalers. According to court documents, he charged approximately $10 for each stolen American credit card number and associated data, approximately $50 for each European credit card number and associated data and approximately $15 for each Canadian credit card number and associated data – offering discounted pricing to bulk and repeat customers," according to the indictment.

"Ultimately, the end users encoded each dump onto the magnetic strip of a blank plastic card and cashed out the value of the dump by either withdrawing money from ATMs or making purchases with the cards," it added.

The men face five years in prison for conspiracy to gain unauthorized access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorized access to computers; and 30 years in prison for wire fraud.

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.