Sunday, December 21, 2014
Search
  
Friday, July 26, 2013
 Five Indicted For Largest Known Data Breach Conspiracy
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail: * Required!
Recipient (e-mail): *
Subject: *
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
 
Message Text: A federal indictment made public today in New Jersey charges five men with conspiring in a worldwide hacking and data breach scheme that targeted major corporate networks, stole more than 160 million credit card numbers, resulted in hundreds of millions of dollars in losses and is the largest such scheme ever prosecuted in the United States.

The defendants allegedly sought corporate victims engaged in financial transactions, retailers that received and transmitted financial data and other institutions with information they could exploit for profit. The defendants are charged with attacks on NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. It is not alleged that the NASDAQ hack affected its trading platform.

"This type of crime is the cutting edge," U.S. Attorney Fishman said. "Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security. And this case shows there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful."

According to the second superseding indictment unsealed today in Newark federal court and other court filings:

The five men each served particular roles in the scheme. Vladimir Drinkman, 32, of Syktyykar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each specialized in penetrating network security and gaining access to the corporate victims? systems. Roman Kotov, 32, of Moscow, also a hacker, specialized in mining the networks Drinkman and Kalinin compromised to steal valuable data. The hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 26, of Odessa, Ukraine. Dmitriy Smilianets, 29, of Moscow, sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.

Kalinin and Drinkman were previously charged in New Jersey as "Hacker 1" and "Hacker 2" in a 2009 indictment charging Albert Gonzalez, 32, of Miami, in connection with five corporate data breaches - including the breach of Heartland Payment Systems Inc., which at the time was the largest ever reported. Gonzalez is currently serving 20 years in federal prison for those offenses. The U.S. Attorney's Office for the Southern District of New York today announced two additional indictments against Kalinin: one charges him in connection with hacking certain computer servers used by NASDAQ and a second indictment, unsealed today, charged Kalinin and another Russian hacker, Nikolay Nasenkov, with an international scheme to steal bank account information by hacking U.S.- based financial institutions. Rytikov was previously charged in the Eastern District of Virginia with an unrelated scheme. Kotov and Smilianets have not previously been charged publicly in the United States.

The five defendants conspired with others to penetrate the computer networks of several of the largest payment processing companies, retailers and financial institutions in the world, stealing the personal identifying information of individuals. They took user names and passwords, means of identification, credit and debit card numbers and other corresponding personal identification information of cardholders. Conservatively, the conspirators unlawfully acquired more than 160 million card numbers through hacking.

After acquiring the card numbers and associated data, the conspirators sold it to resellers around the world. The buyers then sold the dumps through online forums or directly to individuals and organizations. Smilianets was in charge of sales, vending the data only to trusted identity theft wholesalers. He would charge approximately $10 for each stolen American credit card number and associated data, approximately $50 for each European credit card number and associated data and approximately $15 for each Canadian credit card number and associated data ? offering discounted pricing to bulk and repeat customers. Ultimately, the end users encoded each dump onto the magnetic strip of a blank plastic card and cashed out the value of the dump by either withdrawing money from ATMs or making purchases with the cards.

The defendants used a number of methods to conceal the scheme. Unlike traditional Internet service providers, Rytikov allowed his clients to hack with the knowledge he would never keep records of their online activities or share information with law enforcement.

Over the course of the conspiracy, the defendants communicated through private and encrypted communications channels to avoid detection. Fearing law enforcement would intercept even those communications, some of the conspirators attempted to meet in person.

To protect against detection by the victim companies, the defendants altered the settings on victim company networks to disable security mechanisms from logging their actions. The defendants also worked to evade existing protections by security software.
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .