Five people accused of committing the largest theft of financial data

Original author: Justice News
[Translator’s note: This is a translation of the official statement from justice.gov on July 25, 2013]

Ministry of Justice
Public Relations Office
FOR IMMEDIATE RELEASE | Thursday, July 25, 2013

In New Jersey, five people are accused of conspiring to commit the largest known data theft.
The hackers broke into major payment systems, retailers and financial institutions around the world.

In New Jersey today, charges were brought against five men suspected of a worldwide hacking conspiracy to steal commercial data and break into large corporate networks, and of stealing more than 160 million credit card numbers, which caused losses of hundreds of millions of dollars. This is the largest data theft ever recorded in the United States of America.

Today, the names of the defendants were announced by New Jersey County Attorney Paul J. Fishman, Acting Assistant Attorney General Mythili Raman of the Department of Justice Criminal Justice, and US Secret Service Special Agent James Mottola of the Office of New Jersey City Criminal Investigation. The US Secret Service investigated the conspiracy to steal data from large corporate networks.

According to the allegations, the defendants sought out their victims: large financial corporations, retailers that received and transmitted financial information, and other institutions holding data that the defendants could turn into income. The defendants are accused of hacking attacks on the NASDAQ stock exchange; the retailers 7-Eleven, Carrefour, JCP, Hannaford and Wet Seal; the Heartland payment system; the electronic payment providers Commidea, Euronet, Visa Jordan, Diners Singapore and Ingenicard; the financial organization Dexia; the airline JetBlue; the financial information company Dow Jones; and the company Global Payment. However, it is not alleged that the hacking of the NASDAQ affected its trading platform.

The second indictment, announced today in the federal court of Newark, stated that each of the five men played his own role in the hacking scheme for stealing commercial data. Vladimir Drinkman (32 years old, Syktyvkar and Moscow) and Alexander Kalinin (26 years old, St. Petersburg) each allegedly specialized in probing network security and gaining access to the victims' corporate systems.

Roman Kotov (32 years old, a native of Moscow) allegedly specialized in finding the valuable data in networks that Drinkman and Kalinin had already penetrated so that it could then be stolen. Court documents indicate that the defendants concealed their activity by using anonymous web hosting services provided by Mikhail Rytikov (26 years old, a native of Odessa, Ukraine). Dmitry Smilianets (29 years old, Moscow) allegedly sold the commercial information stolen by the other conspirators and distributed the proceeds among the participants in the scheme.

“This type of crime poses the greatest threat to us,” says US Attorney P.J. Fishman. “Those who have the experience and knowledge of how to undermine the security of our computer networks threaten our well-being, our privacy, and our national security. This case shows that there is always a real risk (damage), because these types of fraud increase the cost of each American consumer to do business, and every day. We cannot be too alert and too careful.”

“The defendants should be held responsible for the theft of commercial information worldwide, the victims of which were individuals and legal entities, and which resulted in hundreds of millions of dollars in losses,” said Acting Assistant Attorney General M. Raman. “Despite the considerable efforts of the accused to conceal their crime, the US Department of Justice's Criminal Cases Department and its law enforcement agencies uncovered their criminal scheme for stealing commercial data, and seek justice for numerous victims of their crime. Today’s indictment will undoubtedly serve as a serious warning to those who would illegally steal confidential information on the Internet.”

“As can be seen from this indictment, the US Secret Service will continue to use innovative technologies to successfully investigate and arrest international cyber criminals,” said J. Mottola, a special agent for the US Secret Service. “While global cybercrime continues to have a tremendous impact on our financial institutions, this case shows that all investigative steps carried out by special agents of the US Secret Service make sure that criminals are always identified and prosecuted regardless of their places of residence.”

In 2009, Kalinin and Drinkman were charged in New Jersey as “Hacker No. 1” and “Hacker No. 2”, together with Albert Gonzalez (32 years old, Miami, Florida), with complicity in the theft of corporate data from the payment system Heartland Payment Systems Inc., which, as reported, was then the largest in history. Gonzalez is currently serving a sentence of 20 years in federal prison for his actions.

Today, the Southern District of New York State Prosecutor’s Office filed two additional charges against Kalinin: one for complicity in hacking some servers used by the NASDAQ stock exchange, the other for stealing bank account data using an international scheme with American financial institutions, in complicity with another Russian hacker Nikolai Nosenkov. Rytikov was previously convicted in eastern Virginia for stealing business data using an unidentified scheme. Kotov and Smilianets were not previously prosecuted in the United States.

On June 28, 2012, Drinkman and Smilianets were arrested at the request of the United States while traveling to the Netherlands. Smilianets was extradited on September 7, 2012, and is being held in custody in the United States. At the appointed time, he will appear in the federal court of New Jersey for the reading of the indictment. Kalinin, Kotov and Rytikov are still at large. All of the accused are citizens of the Russian Federation, with the exception of Rytikov, who is a citizen of Ukraine.

How the hackers carried out the attacks

According to court documents, the five defendants allegedly conspired with other participants to break into the computer networks of several of the largest electronic payment companies, retailers, and financial institutions around the world in order to steal citizens' personal identifying information. They allegedly used usernames and passwords, means of identification (PINs), credit and debit card numbers, and other personal information about cardholders. The conspirators allegedly obtained more than 160 million card numbers illegally through hacking.

According to court documents, the initial entry was often made using a “SQL injection attack”. SQL is a programming language designed to manage records stored in databases. The hackers identified vulnerabilities in SQL databases and used these vulnerabilities to penetrate the computer network. Once inside the system, they planted a malicious program (worm). This worm created a so-called “backdoor”, leaving the system vulnerable and thereby helping the accused gain access to the network. In some cases, due to the efforts of company security services, the accused lost access to the system, but they could still gain access to the desired network,

According to the logs obtained by law enforcement officials, the defendants often spent many months trying to undermine the security of a victim company, patiently waiting for its security services to lose their vigilance. The defendants allegedly had malware installed on the networks of several companies for more than a year.

The defendants are also accused of installing so-called “sniffers” (network packet analyzers) on the networks. Sniffers are programs written to identify, collect and steal data from the computer networks of the victim corporations. The defendants then allegedly used a network of computers located around the world to store the stolen data and to sell it to other users later.

How data was sold

After the hackers took possession of the card numbers and the corresponding identifying information, which they called “dumps”, they allegedly sold them to wholesale intermediaries around the world. The buyers then allegedly resold the card numbers along with the identifying information on Internet forums or directly to individuals and organizations.

Smilianets allegedly sold this confidential data only to his trusted wholesalers. According to court documents, he charged about $10 for each stolen American credit card number with the identification data for that card, about $50 for each European credit card number with its identification data, and about $15 for each Canadian credit card number, offering discounts to wholesale and regular customers. End users then encoded the data of the purchased “dump” onto the magnetic stripe of a blank plastic card and withdrew cash through ATMs or paid for purchases in stores.

How hackers hid their criminal scheme

The defendants used several methods to hide their criminal scheme. Unlike ordinary Internet providers, Rytikov allegedly allowed his clients to engage in hacking, and they knew that he would never keep records of their network activity on his servers or share information with law enforcement agencies.

To transmit information and to avoid its detection, the defendants allegedly communicated through private and encrypted communication channels. Fearing that law enforcement agencies might even intercept these channels, some of the conspirators allegedly tried to meet in person.

To avoid being detected by their victim companies, the hackers allegedly changed the network settings to disable the security mechanisms that would have logged their actions. The defendants also did their best to evade existing security software.

* * *

Court documents claim that financial institutions, credit companies and consumers suffered hundreds of millions of dollars in losses as a result of the theft of personal and commercial data, including more than 300 million dollars in reported losses borne by just three corporations. Plastic card holders suffered immeasurable losses from the theft of their personal identification data and cash withdrawals.

If found guilty, the defendants face maximum penalties of five years in prison for conspiracy to gain unauthorized access to computers and 30 years in prison for fraud using electronic payment systems.

The assumptions and allegations contained in the indictment are merely charges, and the defendants are presumed innocent unless and until their guilt has been proven.

The investigation was conducted by the Office of Criminal Investigation at the US Secret Service.

Significant assistance in the investigation was provided by the Foreign Office of the Ministry of Justice, prosecutors of the Dutch Ministry of Security and Justice, and the Netherlands Police Cybercrime Unit.

Significant contribution to the investigation of this criminal case was made by Government Representative Erez Lieberman, Deputy Head of the Criminal Investigation Department of the New Jersey State Attorney's Office, Assistant Attorney for the Department for Combating Cybercrime and Intellectual Property Rights of the Department for Combating Economic Crimes, Gurbir Gruel, a judicial attorney (lawyer with the right to speak in court) of the Department for the Investigation of Cybercrime and Intellectual Property Rights of the Department of Criminal Crime James Silver, as well as the Kansas County and Northern Georgia County Attorneys.

Link to indictment in pdf: www.justice.gov/iso/opa/resources/5182013725111217608630.pdf
[with other details and excerpts of chat logs - translator's note]

Translated by: lingvomonster.ru
Edited by: efimich.ru

PS More related links if you are interested:
American agents were “lucky” to prosecute Russian hackers
The FBI told about the arrest of Russian hackers a year later

