backtop


Print 20 comment(s) - last by Visual.. on Jul 31 at 9:48 AM


  (Source: France24)
Group stole 160 million credit cards and over hundreds of millions in criminal loot

The U.S. Department of Justice (DOJ) today unsealed an indictment against four Russians and a Ukranian who stand accused of orchestrating the most ambitious hacking crime in history in financial terms.

I. The Crime

The group is tied to Albert Gonzalez, who at times served as their alleged ringleader.  Mr. Gonzalez was a Florida area hacker, infamous for living large and at one point burying $1M USD in his backyard.  He's currently serving a 20-year federal prison sentence.

The hacks in question began in 2005 and continued through 2007.  The ring was first busted back in 2008, at which point two of the individuals were charged unnamed as "Hacker 1" and "Hacker 2" (as they were outside the U.S. and assumed unable to be extradited).

Now the investigation has wrapped up and names have been put to those hackers, as well as three others who participated in related attacks.  The hacking scheme allegedly nabbed 160 million credit card numbers -- most of them from a hack of Heartland Payment Systems, Inc. (HPY) which nabbed 130 million cards.

The attacks were highly sophisticated, but often started with a relatively unskilled technique -- SQL injection.  Once access was gained to corporate servers, malware was installed, including so-called "back door" software, which is designed to keep an open access link to the attacker's servers.  Corporations in some cases detected the attacks, according to the indictment, but were often penetrated a second time or more due to the surprisingly "persistent" and diverse array of attacks used by the defendants.

Credit Cards
Using sniffers, malware, SQL injection scripts, and a "persistent" attack level, a ring of five Russian hackers, plus imprisoned U.S. hacker Albert Gonzalez, scored 160 million credit cards. [Image Source: France24]

The more sophisticated side of the attacks also included installing malware on individuals' PCs worldwide to create a botnet, which acted as distributed storage for the stolen information from the corporate-level attacks.  It is unclear what virus/malware the suspects used, but the indictment does indicate they also installed sniffers on affected machines to offer yet another route to stealing credit card numbers and personal information.

II. The Victims

The going rates charged by the suspects per stolen credit card (CC) number (with associated data) was:
  • American CC: $10 USD
  • Canadian CC: $15 USD
  • European CC: $50 USD
Those who purchased the card information actively used it to then steal money from the affected individuals and institutions.  The indictment describes, "Ultimately, the end users encoded each dump onto the magnetic strip of a blank plastic card and cashed out the value of the dump by either withdrawing money from ATMs or making purchases with the cards."

U.S. Attorney Paul Fishman
U.S. Attorney Paul Fishman announces the charges at a special press conference.
[Image Source: AP]

The hacked financial and corporate entities include:
  • NASDAQ
  • 7-Eleven, Inc.
  • Carrefour SA (EPA:CA) (a French clothing retailer)
  • J.C. Penney Comp., Inc. (JCP)
  • Hannaford Bros. Comp.
  • Heartland Payment Systems
  • The Wet Seal, Inc. (WTSL)
  • Verifone Systems Inc.'s (PAY) Commidea
  • Dexia SA (ETR:DXB)
  • JetBlue Airways Corp. (JBLU)
  • Dow Jones
  • Euronet Worldwide, Inc. (EEFT)
  • Visa Inc.'s (V) Jordan subsidiary
  • Global Payments Inc. (GPN)
  • Diners Club Singapore
  • Ingenicard U.S. Inc.
The losses were huge, totalling $300M USD for just three of the above affected corporate entities alone.  The feds write:

As a result of the scheme, financial institutions, credit card companies and consumers suffered hundreds of millions in losses – including more than $300 million in losses reported by just three of the corporate victims – and immeasurable losses to the identity theft victims in costs associated with stolen identities and false charges.

II. The Suspects

Here's the suspects:
  • Vladimir Drinkman, 32, of Syktyykar and Moscow, Russia
    penetrated corporate networks ("Hacker 1")
     
  • Alexandr Kalinin, 26, of St. Petersburg, Russia,
    penetrated corporate networks ("Hacker 2")
     
  • Roman Kotov, 32, of Moscow
    Mined compromised networks for sensitive data
     
  • Mikhail Rytikov, 26, of Odessa, Ukraine
    Helped co-defendants hide tracks with anonymized web hosting and other services
     
  • Dmitriy Smilianets, 29, of Moscow
    Acted as sales person and accountant for illegal sales of the stolen credit card and personal info

...and the charges against them:

Count(s)

Defendants

Violation

Maximum Penalty/Count

1

All

Conspiracy to gain unauthorized access to computers (18 USC § 1030)

5 years; $250,000 fine or twice the gain or loss from the offense

2

All

Conspiracy to commit wire fraud (18 USC § 1343)

30 years; $1 million fine or twice the gain or loss from the offense

3-8

Drinkman
Kalinin
Kotov
Smilianets

Unauthorized access to computers(18 USC § 1030)

5 years; $250,000 fine or twice the gain or loss from the offense

9-11

Drinkman
Kalinin
Kotov
Smilianets

Wire fraud (18 USC § 1343)

30 years; $1 million fine or twice the gain or loss from the offense

 

Unfortunately, only Mr. Drinkman and Mr. Smilianets look likely to be extradited to the U.S. to stand trial.  That pair made the mistake of travelling to the Netherlands in 2012 on a vacation, where local authorities recognized and arrested them.  A person close to the case commented, "Here's the world's biggest hacker.  We got lucky."

Mr. Smilianets was already famous before the charges, having been a top professional gamer on the European and Russian circuits.  His attorney Bruce Provda contended to Reuters that the charges are false and that the extradition may be illegal.  He says he plans to fight "vigorously" for his client in court, remarking, "He was well known in certain [gaming] circles."

They are currently awaiting extradition.  The other three suspects, including Mr. Kalnin -- who along with Mr. Drinkman and Mr. Gonzalez -- orchestrated the attacks, remain at large.

The charges against the mostly Russian hacking ring follows a June 2013 indictment against an alleged 8-person Ukrainian hacking ring.  In that case, though, at least five of the suspects had immigrated to the U.S. and hence were able to be quickly nabbed.  That hacking ring was less sophisticated, compared to the Russians, and "only" managed to steal $15M USD.  The suspects in that case are currently awaiting trial.

Sources: DOJ [press release], Reuters



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: So how come...
By FITCamaro on 7/26/2013 4:44:11 PM , Rating: 2
Agreed on Zimmerman. Gotta love one of the members of the jury basically saying that she thought he was guilty but those pesky things called the facts got in the way. Of course the jury only saw less than half the facts.


"This is about the Internet.  Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can't deal with the Internet, they should shut it off." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki