Officials: 5 Charged In Largest Hacking, Data Breach Scheme Ever Prosecuted
NEWARK, N.J. (CBSNewYork/AP) – Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that over seven years penetrated computer networks of more than a dozen major American and international corporations.
Indictments were announced Thursday in Newark, where U.S. Attorney Paul Fishman called the case the largest hacking and data breach scheme ever prosecuted in the United States.
Authorities said that the hackers were patient and relentless, spending months acquiring information, CBS 2’s Jericka Duncan reported.
“They targeted some of the largest companies in the world, stealing millions of credit and debit card numbers and causing hundreds of millions of dollars in losses to their victim,” Fishman said.
Prosecutors said more than 160 million credit card numbers were stolen in the scheme, WCBS 880’s Levon Putney reported.
The victims in a scheme that allegedly ran from 2005 until last year included the electronic stock exchange NASDAQ; 7-Eleven Inc.; JCPenney Co.; the New England supermarket chain Hannaford Brothers Co.; JetBlue; Heartland Payment Systems Inc., one of the world’s largest credit and debit processing companies, French retailer Carrefour S.A., and the Belgium bank Dexia Bank Belgium.
The indictment says the suspects sent each other instant messages as they took control of the corporate data, telling each other, for instance: “NASDAQ is owned.” At least one man told others that he used Google news alerts to learn whether his hacks had been discovered, according to the court filing.
The defendants were identified as Russians Vladimir Drinkman, Aleksandr Kalinin, Roman Kotov and Dmitriy Smilianets, and Ukrainian Mikhail Rytikov.
LINK: Read The Full Indictment
Kalinin was also charged in a separate indictment in New York for hacking certain computer servers used by NASDAQ, prosecutors said.
“Because of the close and growing collaboration between the U.S. government and the private sector on issues of cyber security, our ability to unmask and prosecute the anonymous perpetrators of cyber crimes – wherever they may be located – has never been stronger,” Manhattan U.S. Attorney Preet Bharara said.
Authorities say one suspect is in the Netherlands and another is due to appear in U.S. District Court in New Jersey next week. The whereabouts of the three others were not immediately clear.
The prosecution builds on a case that resulted in a 20-year prison sentence in 2010 for Albert Gonzalez of Miami, who often used the screen name “soupnazi” and is identified in the new complaint as an unindicted co-conspirator. Other unindicted co-conspirators were also named.
Prosecutors identified Drinkman and Kalinin as “sophisticated” hackers who specialized in penetrating the computer networks of multinational corporations, financial institutions and payment processors.
Kotov’s specialty was harvesting data from the networks after they had been penetrated, and Rytikov provided anonymous web-hosting services that were used to hack into computer networks and covertly remove data, the indictment said.
Smilianets was the information salesman, the government said.
All five are charged with taking part in a computer hacking conspiracy and conspiracy to commit wire fraud, which Fishman said carries a sentence of up 30 years in prison and a fine of $1 million if convicted.
The four Russian nationals are also charged with multiple counts of unauthorized computer access and wire fraud.
The individuals who purchased the credit and debit card numbers and associated data from the hacking organization resold them through online forums or directly to others known as “cashers,” the indictment said.
According to the indictment, U.S. credit card numbers sold for about $10 each; Canadian numbers were $15 and European ones $50.
The data was stored on computer servers all over the world, including in New Jersey, Pennsylvania, California, Illinois, Latvia, the Netherlands, Bahamas, Ukraine, Panama and Germany.
The cashers would encode the information onto the magnetic strips of blank plastic cards and cash out the value, by either withdrawing money from ATMs in the case of debit cards, or running up charges and purchasing goods in the case of credit cards.
Check Out These Other Stories From CBSNewYork.com:
- Seen At 11: ‘Eating Smart’ With High-Tech Utensils
- Experts: Keep The Stink Bug Invasion Out Of Your House
- CBS 2 Exclusive: Dental Patients Out Thousands After Offices Suddenly Shut Down
- Local Expert Wonders Why Texas Ebola Patient Wasn’t Isolated Immediately
(TM and © Copyright 2013 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2013 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)