Russian hackers charged in 'biggest' data breach case, 160mn credit card numbers stolen
A US court has charged four Russians and a Ukrainian for stealing more than 160 million credit card numbers, which the prosecution says has resulted in hundreds of millions of dollars in losses for major corporations worldwide.
The five have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a dozen major American and international corporations over seven years.
As the indictments were announced on Thursday in Newark, N.J., a local US attorney called it “the largest hacking and data breach scheme ever prosecuted in the United States.”
The so-called “dumps” acquired by the hackers amounted to
more than 160 million credit and debit card numbers, attorney
Paul Fishman said in a statement. According to indictments, the
group was selling stolen data to “dumps resellers,” who in
turn offered them to individuals and organizations, partly by
means of online forums.
The end-point individuals referred to as “the cashers”
used the information by encoding it into blank plastic cards, and
then cashed out the value. While in the case of debit cards they
directly withdrew money from ATMs, credit card 'duplicates' were
used for running up charges and purchasing goods.
“Financial institutions, credit card companies and consumers
suffered hundreds of millions in losses, including losses in
excess of $300 million by just three of the corporate victims,
and immeasurable losses to identity theft victims,” the
indictment said. The companies targeted included the NASDAQ, Visa
Inc., 7-Eleven Inc., Heartland Payment Systems Inc., the Belgium
bank Dexia Bank Belgium, as well as Carrefour SA (CA), France’s
biggest retailer.
The defendants in the case are Russian nationals Vladimir Drinkman, a businessman from Moscow and Syktyvkar (northern Russia), Aleksandr Kalinin of St. Petersburg, Roman Kotov of Moscow and Dmitry Smilianets, ‘Moscow Five’ cybersport project head, along with Ukrainian Mikhail Rytikov of Odessa.
Drinkman and Kalinin were identified as sophisticated hackers, who penetrated networks of companies, banks and payment processors, while Kotov is said to have been harvesting the hacked data, with Rytikov providing anonymous web-hosting services for the operation.
Smilianets was the information salesman of the group, the
American prosecution said.
All five have been charged with taking part in a computer hacking
conspiracy and conspiracy to commit wire fraud, while four
Russian members of the group have also been charged with multiple
counts of unauthorized computer access and wire fraud.
Unindicted co-conspirators in the case have also been declared in
court, including Albert Gonzalez of Miami, who was sentenced for
20 years in prison in 2010 on the charges of stealing many
millions of credit and debit card records. The prosecution has
built on the case of Gonzalez, who is serving two concurrent
sentences for targeting the above companies, as well as some
regional retailers.