Five men have been charged for their alleged role in breaking into major US companies and stealing 160 million credit and debit cards, one of the country's largest-ever hacking operations to be dismantled.
Federal prosecutors in New Jersey unsealed an indictment charging Russian hackers Vladimir Drinkman, 32; Roman Kotov, 32; and Dmitriy Smilianets, 29; Aleksandr Kalinin, 26, along with 26-year-old Ukrainian Mikhail Rytikov, for their involvement in the ring. The five are alleged to have conspired with others.
Prosecutors said the defendants are charged with penetrating the computer networks of major US companies in a campaign dating back to 2005.
They are alleged to have hacked into networks and databases using SQL injection, which enabled them to steal more than 160 million credit card numbers and cause hundreds of millions of dollars in financial losses.
The affected entities include Dow Jones, NASDAQ, JCPenney, JetBlue, Heartland Payment Systems, TJX, Hannaford Bros. and 7-Eleven, with three of the affected organisations claiming reported losses in excess of $US300 million.
Investigators said the group conspired with Albert Gonzalez, who began serving a 20-year sentence in 2010 after being pleading guilty for stealing and reselling hundreds of millions of credit and debit cards in a campaign dating back to 2005. At that time still unnamed, Kalinin and Drinkman were charged as conspirators in Gonzalez's 2009 indictment.
Gonzalez, best known for masterminding the mega-hacks of payment processor Heartland Payment Systems and discount retail parent company TJX, has been linked to the compromises at a number of other retailers and businesses.
According to prosecutors, each of the hackers took on different roles: Drinkman and Kalinin breached the targeted companies and gained access to the systems holding sensitive data of customers.
Kotov mined the networks to steal valuable information. Rytikov helped hide his cohorts' activities by using anonymous web-hosting services. And Smilianets sold the information and distributed the proceeds.
The gang hijacked usernames, passwords, identification information and credit and debit card numbers, and sold the data “dumps” to resellers for between $10 and $50, depending on the victims' location, according to the US attorney's office. Data belonging to Americans netted the lower end of the range, while information on Canadians and Europeans earned higher proceeds.
The resellers would typically sell the “dumps” online, and the information was oftentimes encoded into the magnetic stripe of blank cards, which were then used to purchase goods or withdraw cash from ATMs.
All five of the accused are being charged with conspiracy to gain unauthorised access to computers and conspiracy to commit wire fraud, which combined carry a maximum of 35 years in prison.
All but Rytikov are additionally charged with unauthorized access to computers and wire fraud, which also carry a five-year and 30-year maximum sentence, respectively.
US Attorney for New Jersey Paul Fishman said in a news release on Thursday that the losses faced by victims of identity theft are "immeasurable."
Drinkman and Smilianets were arrested on June 28, 2012 in the Netherlands. Smilianets is in federal custody following a September 2012 extradition, and Drinkman is awaiting an extradition hearing in the Netherlands. Kalinin, Kotov and Rytikov remain at large.
This article originally appeared at scmagazineus.com
Copyright © SC Magazine, US edition
Issue: 336 | March 2015
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.