Yesterday morning, federal prosecutors in Newark and Manhattan revealed they had won indictments against five Eastern European computer programmers for orchestrating one of the largest hacking schemes ever uncovered--one which stole millions of credit card numbers from unsuspecting customers around the world.
The four Russians and a Ukrainian stole and sold more than 160 million credit card numbers from corporate networks from 2007 to 2012, resulting in losses of hundreds of millions of dollars, federal prosecutors said.
Announcing the indictments, U.S. Attorney Paul Fishman called the case the largest hacking and data-breach scheme ever prosecuted in the United States.
Vladimir Drinkman, 32, Alexandr Kalinin, 26, Roman Kotov, 32, and Dimitriy Smilianets, 29, could face prison sentences of up to 70 years each for wire fraud, unauthorized access to computers, conspiring to commit wire fraud and conspiracy to gain unauthorized access to computers. The Ukrainian, Mikhail Rytikov, 26, was charged with conspiracy only and could face a 35-year sentence.
Read the full indictment
at the New Jersey U. S. Attorney site. It charges that over a seven-year period from 2005 to 2012, the five men were the masterminds behind a massive hacking operation that targeted several major American and international retailers. The most prominent American victims were retailers 7-Eleven, JetBlue, JCPenney and Hannaford. Also targeted were two of the largest credit card processing companies in the nation, Heartland Payment Systems and Global Payment systems. Outside this country, the grifters attacked French hypermart chain Carrefour and international divisions of Visa and Diners Club. Additionally, Kalinin is facing separate federal charges in Manhattan for
stealing bank account information from Citigroup and PNC, as well as
hacking into Nasdaq.
CBS' John Miller, a former FBI agent and security expert, explained how the scheme worked on this morning's edition of CBS This Morning. Watch here:
This scheme was not only very coordinated, but used very sophisticated technology. Rytikov operated an anonymous Web server while Drinkman and Kalinin did the actual hacking and Kotov harvested the stolen data. Smilianets then sold the data to other bottom-feeders--$10 for an American card number, $15 for a Canadian number and $50 for a European number. Apparently European numbers come at more of a premium because the security around European credit cards is much tougher than for those in North America. They used SQL injections to infect the targets with malware that allowed them to get into the customer databases. According to the NYT, the hackers may very well have had the backing of the Russian mafia--meaning that this is only the tip of an economy-sized iceberg.
This scheme was actually broken up last year, when Drinkman and Smilanets were both arrested in the Netherlands. Smilanets has already been extradited to the States, while Drinkman is still in Dutch custody. The other three are still at large.
The scary part is that these guys were able to keep it up for seven years. Given the damage they did, it wouldn't be too out of line to make them die in prison.