Russian hackers charged in 'biggest' data breach case, 160mn credit card numbers stolen

25 Jul, 2013 14:35 / Updated 11 years ago

A US court has charged four Russians and a Ukrainian for stealing more than 160 million credit card numbers, which the prosecution says has resulted in hundreds of millions of dollars in losses for major corporations worldwide.

The five have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a dozen major American and international corporations over seven years.

As the indictments were announced on Thursday in Newark, N.J., a local US attorney called it “the largest hacking and data breach scheme ever prosecuted in the United States.”

The so-called “dumps” acquired by the hackers amounted to more than 160 million credit and debit card numbers, attorney Paul Fishman said in a statement. According to indictments, the group was selling stolen data to “dumps resellers,” who in turn offered them to individuals and organizations, partly by means of online forums.

The end-point individuals referred to as “the cashers” used the information by encoding it into blank plastic cards, and then cashed out the value. While in the case of debit cards they directly withdrew money from ATMs, credit card 'duplicates' were used for running up charges and purchasing goods.

“Financial institutions, credit card companies and consumers suffered hundreds of millions in losses, including losses in excess of $300 million by just three of the corporate victims, and immeasurable losses to identity theft victims,” the indictment said. The companies targeted included the NASDAQ, Visa Inc., 7-Eleven Inc., Heartland Payment Systems Inc., the Belgium bank Dexia Bank Belgium, as well as Carrefour SA (CA), France’s biggest retailer.

The defendants in the case are Russian nationals Vladimir Drinkman, a businessman from Moscow and Syktyvkar (northern Russia), Aleksandr Kalinin of St. Petersburg, Roman Kotov of Moscow and Dmitry Smilianets, ‘Moscow Five’ cybersport project head, along with Ukrainian Mikhail Rytikov of Odessa.

Drinkman and Kalinin were identified as sophisticated hackers, who penetrated networks of companies, banks and payment processors, while Kotov is said to have been harvesting the hacked data, with Rytikov providing anonymous web-hosting services for the operation.

Smilianets was the information salesman of the group, the American prosecution said.

All five have been charged with taking part in a computer hacking conspiracy and conspiracy to commit wire fraud, while four Russian members of the group have also been charged with multiple counts of unauthorized computer access and wire fraud.

Unindicted co-conspirators in the case have also been declared in court, including Albert Gonzalez of Miami, who was sentenced for 20 years in prison in 2010 on the charges of stealing many millions of credit and debit card records. The prosecution has built on the case of Gonzalez, who is serving two concurrent sentences for targeting the above companies, as well as some regional retailers.