July 26, 2013

Five indicted in global hacking case

The four Russian nationals and a Ukrainian are accused of stealing millions from major corporations.

By SAMANTHA HENRY The Associated Press

NEWARK, N.J. - Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a dozen major American and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.

Paul Fishman
click image to enlarge

U.S. Attorney Paul Fishman talks about the arrest of four Russian nationals and a Ukrainian during a news conference Thursday in Newark, N.J.

The Associated Press

Press Herald file photo

INDICTED HACKERS LINKED
TO 2007-2008 BREACH
AT HANNAFORD SUPERMARKETS

The Scarborough-based supermarket chain Hannaford Bros. was one of the victims of five hackers whose indictments were announced Thursday in Newark, N.J.

From Dec. 7, 2007, to March 10, 2008, hackers stole credit and debit card numbers from people who shopped at Hannaford supermarkets. The company operates more than 200 stores under various names in New England, New York and Florida.

An estimated 4.2 million card numbers were exposed, and by the time Hannaford publicly announced the breach on March 17, 2008, about 1,800 fraudulent charges had been made.

The latest prosecution builds on a 2009 case that resulted in a 20-year prison sentence for Albert Gonzalez of Miami, who is identified in the new complaint as an unindicted co-conspirator. The Gonzalez case focused on the theft from Hannaford, 7-Eleven and Heartland Payment Systems, a New Jersey-based card payment processor, and at the time was the biggest breach of its kind ever discovered in the U.S.

Two co-defendants in that case, identified in court documents as "Hacker 1"' and "Hacker 2," were listed as fugitives at the time. Authorities said hackers 1 and 2 were among the five men whose indictments were announced Thursday.

Authorities have said Gonzalez amassed $2.8 million, which he used to buy a Miami condo, a car, Rolex watches and a Tiffany ring for his girlfriend.

They said Gonzalez and his foreign co-defendants would drive past retailers with a laptop computer, tapping into those with vulnerable wireless Internet signals. They would then install "sniffer programs" that picked off credit and debit card numbers as they moved through a retailer's computers before trying to sell the numbers overseas, authorities said.

The charging documents unsealed Thursday show instant messages between Gonzalez and another of the Hannaford hackers, Aleksander Kalinin, originally from St. Petersburg, Russia.

When Kalinin jokes about the breach being reported on TV news, Gonzalez advises him to set up Google news alerts -- for "data breach," "credit card fraud," "debit card fraud," "atm fraud" and "hackers" -- to learn whether his hacks had been discovered, the documents said.

-- The Associated Press

Indictments were announced Thursday in Newark, where U.S. Attorney Paul Fishman called the case the largest hacking and data breach scheme ever prosecuted in the United States.

Princeton-based Heartland Payment Systems Inc., which processes credit and debit cards for small to mid-sized businesses, was identified as taking the biggest hit in a scheme starting in 2007 -- the theft of more than 130 million card numbers at a loss of about $200 million.

Atlanta-based Global Payment Systems, another major payment processing company, had nearly 1 million card numbers stolen, with losses of nearly $93 million, prosecutors said.

The indictment did not put a loss figure on the thefts at some other major corporations, including Commidea Ltd., a European provider of electronic payment processing for retailers. The government said hackers in 2008 covertly removed about 30 million card numbers from its computer network.

NOT ALL SUFFERED FINANCIAL LOSS

About 800,000 card numbers were stolen in an attack on the Visa network, but the indictment did not cite any loss figure.

Not all the companies the hackers infected over the years with malicious computer software suffered financial losses. Customer log-in credentials were stolen from Nasdaq and Dow Jones Inc., the indictment said, though prosecutors said Nasdaq's securities trading platform was not affected.

The indictment said the suspects sent each other instant messages as they took control of the corporate data, telling each other, for instance: "NASDAQ is owned." At least one man told others that he used Google news alerts to learn whether his hacks had been discovered, according to the court filing.

The defendants were identified as Vladimir Drinkman, 32, of Syktyvkar, Russia, and Moscow; Aleksander Kalinin, 26, of St. Petersburg, Russia; Roman Kotov, 32, of Moscow; Dmitriy Smilianets, 29, of Moscow; and Mikhail Rytikov, 26, of Odessa, Ukraine. Smilianets is in U.S. custody and was expected to appear in federal court next week. His New York-based lawyer, Bruce Provda, said Smilianets was in the U.S. "sightseeing" when he was arrested. "It's a rather complex international charge of hacking," Provda said. "If it goes to trial, it's going to be a lengthy trial."

Drinkman is being held in the Netherlands pending extradition, prosecutors said. His lawyer there, Bart Stapert, did not immediately return a message. The other three defendants remained at large.

The prosecution builds on the 2009 case that resulted in a 20-year prison sentence for Albert Gonzalez of Miami, who often used the screen name "soupnazi" and is identified in the new complaint as an unindicted co-conspirator. Other unindicted co-conspirators were also named. In the Gonzalez case, which focused on the theft from Heartland - at the time the biggest breach of its kind ever discovered in the U.S. - Kalinin and Drinkman were charged as "Hacker 1" and "Hacker 2."

Prosecutors identified the two as sophisticated hackers who specialized in penetrating the computer networks of multinational corporations, financial institutions and payment processors.

Kotov's specialty was harvesting data from the networks after they had been penetrated, and Rytikov provided anonymous web-hosting services that were used to hack into computer networks and covertly remove data, the indictment said. Smilianets was the information salesman, the government said.

CHARGES INCLUDE WIRE FRAUD

All five are charged with taking part in a computer hacking conspiracy and conspiracy to commit wire fraud. The four Russian nationals are also charged with multiple counts of unauthorized computer access and wire fraud.

The individuals who purchased the credit and debit card numbers and associated data from the hacking organization resold them through online forums or directly to others known as "cashers," the indictment said. According to the indictment, U.S. credit card numbers sold for about $10 each; Canadian numbers were $15 and better-encrypted European ones $50.

The data was stored on computer servers all over the world, including in New Jersey, Pennsylvania, California, Illinois, Latvia, the Netherlands, Bahamas, Ukraine, Panama and Germany.

The cashers would encode the information onto the magnetic strips of blank plastic cards and cash out the value, by either withdrawing money from ATMs in the case of debit cards, or running up charges and purchasing goods in the case of credit cards.

 

Were you interviewed for this story? If so, please fill out our accuracy form

Send question/comment to the editors




Further Discussion

Here at PressHerald.com we value our readers and are committed to growing our community by encouraging you to add to the discussion. To ensure conscientious dialogue we have implemented a strict no-bullying policy. To participate, you must follow our Terms of Use.

Questions about the article? Add them below and we’ll try to answer them or do a follow-up post as soon as we can. Technical problems? Email them to us with an exact description of the problem. Make sure to include:
  • Type of computer or mobile device your are using
  • Exact operating system and browser you are viewing the site on (TIP: You can easily determine your operating system here.)