Five Charged In Massive Hacking Ring That Bilked Millions


Five men have been charged for their role in what is believed to be a massive cybercrime ring responsible for causing millions of dollars in losses stemming from stolen credit card and account credentials.

The attacks, allegedly carried out by the men, targeted major corporate networks and pilfered more than 160 million credit card numbers. The targeted businesses include Nasdaq, 7-Eleven, Visa Inc., Dow Jones Inc., J.C. Penney Co., and JetBlue Airways Corp., among others.

While their attacks were wildly successful, the methods used to get into and remain on corporate systems were not sophisticated, security experts told CRN. The breaches succeeded because the companies were not properly carrying out security best practices, they say.

The federal indictment, made public today in New Jersey, charged each of the men for his role in the hacking scheme. Vladimir Drinkman, 32, of Syktyvkar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each specialized in penetrating network security and gaining access to the corporate victims' systems, according to New Jersey U.S. Attorney Paul J. Fishman, who briefed reporters on the indictment Thursday.


[Related: Verizon Analysis: Top 10 Causes Behind Data Breaches]

Roman Kotov, 32, of Moscow, specialized in mining the networks for data, while Drinkman and Kalinin compromised the networks to steal the valuable data, Fishman said. The hackers hid their activities using anonymous Web-hosting services provided by Mikhail Rytikov, 26, of Odessa, Ukraine. Dmitriy Smilianets, 29, of Moscow, sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants, Fishman said.

The charges stem from data breaches at the organizations that go back seven years, Fishman said. The attackers targeted several of the largest payment processing companies, retailers and financial institutions in the world, stealing personal information on individuals, according to the statement issued Thursday by the U.S. Attorney's Office in New Jersey. Using SQL injection, a common Web application attack technique, the attackers penetrated the corporate networks and then kept their foothold by installing back doors for remote access. "In some cases, the defendants lost access to the system due to companies' security efforts, but were able to regain access through persistent attacks," according to the statement.
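The statement does not say which applications were injected or how, so the following is an added illustration, not code from the article or the indictment, of why the technique works and what stops it. A toy customers table (constructed sample data, not any victim's records) is queried two ways: once by pasting user input into the SQL text, once with a bound parameter. The two payloads are the classic ones: one that rewrites the WHERE clause to return every row, and one that uses UNION to read the database schema, which is the first step of the "mining the networks for data" the indictment describes.

```python
import sqlite3

# Constructed sample data standing in for a payment-card store. Not from the page.
SAMPLE_ROWS = [
    ("alice", "4111111111111111"),
    ("bob", "5500000000000004"),
]


def setup_db():
    """Create an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, card_number TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Attacker-controlled input is spliced straight into the SQL text."""
    sql = "SELECT username, card_number FROM customers WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Bound parameter: the value travels separately from the SQL text,
    so it can only ever be compared, never parsed as SQL."""
    sql = "SELECT username, card_number FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Payload 1: closes the string literal and appends an always-true condition.
PAYLOAD_DUMP_ALL = "nobody' OR '1'='1"

# Payload 2: UNION with sqlite_master to enumerate tables and their DDL.
# The SELECT must return the same number of columns (two) as the original query.
PAYLOAD_SCHEMA = "x' UNION SELECT name, sql FROM sqlite_master WHERE '1'='1"


def demo():
    """Run both payloads against both lookups and return the results."""
    conn = setup_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PAYLOAD_DUMP_ALL),  # every card
        "schema_leak": lookup_vulnerable(conn, PAYLOAD_SCHEMA),   # table DDL
        "safe": lookup_safe(conn, PAYLOAD_DUMP_ALL),              # no rows
        "safe_schema": lookup_safe(conn, PAYLOAD_SCHEMA),         # no rows
        "legit": lookup_safe(conn, "alice"),                      # one row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The fix is not input filtering but the parameterized form in `lookup_safe`: because the driver never lets the value alter the query's structure, the same payloads simply match no username. Escaping quotes by hand is the approach that keeps failing in practice.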

The men allegedly targeted companies for months, and once they gained access, the systems at some firms remained infected with malware for more than a year. To steal data, the men allegedly used sniffers to monitor network packets and identify sensitive data, which was later uploaded to remote servers where it was stored and sold on the black market. Once the stolen credit card data was sold to individuals through online forums, other people, known as money mules, would encode the stolen data onto blank plastic cards and cash out the value of the accounts either by withdrawing money from ATMs or by making purchases.
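The article does not describe the sniffers themselves, so the following is an added illustration rather than the defendants' tooling: the one piece of logic any card-harvesting sniffer needs, and the same logic a defender's DLP or IDS rule uses to catch card numbers leaving the network. Given a captured payload (a constructed HTTP request, not real traffic), it pulls out digit runs of card length and keeps only those that pass the Luhn checksum, which is what separates a card number from an order number or timestamp of the same length.

```python
import re

# Constructed "captured" payload: a fake checkout request in the clear. Not real traffic.
# The order id is 16 digits but fails Luhn, so a card-aware sniffer ignores it.
CAPTURED = (
    b"POST /checkout HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    b"name=alice&card=4111111111111111&exp=1215\r\n"
    b"name=bob&card=5500000000000004&exp=0116\r\n"
    b"order=1234567890123456&track=no\r\n"
)

# Digit runs of plausible PAN length, not embedded in a longer digit string.
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(payload: bytes) -> list:
    """Return the Luhn-valid card numbers found in a captured payload, in order."""
    found = []
    for m in PAN_RE.finditer(payload):
        candidate = m.group(1).decode("ascii")
        if luhn_ok(candidate):
            found.append(candidate)
    return found


if __name__ == "__main__":
    for pan in find_pans(CAPTURED):
        print("card number in clear text:", pan)
```

The practical point for defenders is that this only works on traffic or memory where the card data is in the clear; TLS between systems and encryption of PANs at rest leave the sniffer nothing Luhn-valid to find, and the same `find_pans` logic run at the egress point is a cheap alarm for bulk card data leaving the network.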

NEXT: SQL Injection, The Preventable Culprit
