Busted: 5 Charged in Hacking Enterprise

Friday, July 26, 2013 @ 02:07 PM gHale


The largest hacking case ever in the United States ended up with four Russian nationals and a Ukrainian facing charges of running a sophisticated hacking organization that over seven years penetrated computer networks of more than a dozen major American and international corporations.

The result of the hacking enterprise was the stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars for the victims, officials said.

RELATED STORIES
Four Busted for Hacking in Croatia
Bulgarian Faces Hacking Charges in NJ
Jail Time for Phishing Team
Guilty Plea in Police Hacking

The indictments handed up Thursday in Newark, NJ, culminated in what U.S. Attorney Paul Fishman called the largest hacking and data breach scheme ever prosecuted in the United States.

The victims in a scheme that ran from 2005 until last year included the electronic stock exchange Nasdaq; 7-Eleven Inc.; JCPenney Co.; the New England supermarket chain Hannaford Brothers Co.; JetBlue; Heartland Payment Systems Inc., one of the world’s largest credit and debit processing companies, French retailer Carrefour S.A., and the Belgium bank Dexia Bank Belgium, federal officials said.

The indictment said the suspects sent each other instant messages as they took control of the corporate data, telling each other, for instance: “NASDAQ is owned.” At least one man told others he used Google news alerts to learn whether anyone discovered his hacks, according to the court filing.

The defendants are Vladimir Drinkman, Aleksander Kalinin, Roman Kotov and Dmitriy Smilianets, all as Russians, and Ukrainian Mikhail Rytikov. Authorities say one suspect is in the Netherlands and another is due to appear in U.S. District Court in New Jersey next week. The whereabouts of the three others were not immediately clear.

The prosecution builds on a case that resulted in a 20-year prison sentence in 2010 for Albert Gonzalez of Miami, who often used the screen name “soupnazi” and is also in the new complaint as an unindicted co-conspirator. There were also other named unindicted co-conspirators.

Prosecutors identified Drinkman and Kalinin as “sophisticated” hackers who specialized in penetrating the computer networks of multinational corporations, financial institutions and payment processors.

Kotov’s specialty was harvesting data from the networks after they were able to penetrate, and Rytikov provided anonymous web-hosting services used to hack into computer networks and covertly remove data, the indictment said.

Smilianets was the information salesman, the government said.

All five faces charges of taking part in a computer hacking conspiracy and conspiracy to commit wire fraud. The four Russian nationals also face multiple counts of unauthorized computer access and wire fraud.

The individuals who purchased the credit and debit card numbers and associated data from the hacking organization resold them through online forums or directly to others known as “cashers,” the indictment said. According to the indictment, U.S. credit card numbers sold for about $10 each; Canadian numbers were $15 and European ones $50.

The data ended up stored on computer servers all over the world, including in New Jersey, Pennsylvania, California, Illinois, Latvia, the Netherlands, Bahamas, Ukraine, Panama and Germany.

The cashers would encode the information onto the magnetic strips of blank plastic cards and cash out the value, by either withdrawing money from ATMs in the case of debit cards, or running up charges and purchasing goods in the case of credit cards.



Leave a Reply

You must be logged in to post a comment.