Russians behind bars in US after nicking $300m+ in credit-card hacks

Pair partly responsible for largest bank-card theft ring in American history


Two Russian criminals have been sent down in America after pleading guilty to helping run the largest credit-card hacking scam in US history.

Muscovites Vladimir Drinkman, 37, and Dmitriy Smilianets, 34, ran a massive criminal ring that spent months hacking companies to get hold of credit and debit card information. They then sold it online to the highest bidders, who then recouped their investment by ripping off companies and citizens around the world.

"Drinkman and Smilianets not only stole over 160 million credit card numbers from credit card processors, banks, retailers, and other corporate victims, they also used their bounty to fuel a robust underground market for hacked information," said acting assistant attorney general John Cronan on Thursday.

"While mega breaches like these continue to affect millions of individuals around the world, hackers and would-be hackers should know that the Department of Justice will use all available tools to identify, arrest, and prosecute anyone who attacks the networks on which businesses and their customers rely."

The dodgy duo were arrested by Dutch authorities while on a trip to Amsterdam in June 2012 and sent to the US for trial. They were charged the following year, along with three associates who are still at large: Alexandr Kalinin, 31, of St Petersburg; fellow Muscovite Roman Kotov, 36; and Ukrainian Mikhail Rytikov, 30, of Odessa.

Attention

The two first caught Uncle Sam's attention in 2009 when they were noted to be working with US hacker Albert Gonzalez, who is serving a 20-year sentence for masterminding the hacking attacks that hit TJ Maxx and Heartland Payment Systems.

According to the Feds, Drinkman and his hacker chum Kalinin specialized in SQL injection attacks against corporate servers with the intent of grabbing payment card information and personal data needed to exploit it. Once inside the network, their associate Kotov would search for useful information using custom software sniffing tools, it is claimed.

Rytikov, prosecutors allege, acted as the group's ISP, supplying internet access that the gang knew would be unlogged and unrecorded. Smilianets handled the sales side, working dark web forums to find buyers for the cards at a cost of $50 per EU card, $10 for American accounts, and $15 for Canadian credit cards.

NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard were among the victims of the gang, the Feds claim. The final cost is difficult to estimate but just three of the companies targeted reported losses of over $300m thanks to the gang.

"These defendants operated at the highest levels of illegal hacking and trafficking of stolen identities," acting US attorney William Fitzpatrick said.

"They used their sophisticated computer skills to infiltrate computer networks, steal information and sell it for a profit. Perpetrators of some of the largest data breaches in history, these defendants posed a real threat to our economy, privacy and national security, and cannot be tolerated."

Drinkman pleaded guilty in a New Jersey district court to one count of conspiracy to commit unauthorized access of protected computers and one count of conspiracy to commit wire fraud. Judge Jerome Simandle sentenced him to 12 years in a US prison and three years' supervised release afterwards.

Smilianets got off more lightly, after pleading guilty to a single case of conspiracy to commit wire fraud. He was given about four and a half years in the clink, has already spent nearly five years in US jails, and will shortly be out under a three-year supervision order. Both are likely to be expelled from the country on their release, however.

"This case demonstrates the investigative capabilities of the US Secret Service and the collaborative efforts of our law enforcement partners, specifically the US Attorney's Office District of New Jersey, and the Dutch Ministry of Security and Justice," special agent in charge Mark McKevitt said.

"The Secret Service will continue to develop innovative ways to protect the financial infrastructure of the United States and bring to justice cyber criminals who use emerging technologies to conduct business." ®

Similar topics

Narrower topics


Other stories you might like

  • IBM finally shutters Russian operations, lays off staff
    Axing workers under 40 must feel like a novel concept for Big Blue

    After freezing operations in Russia earlier this year, IBM has told employees it is ending all work in the country and has begun laying off staff. 

    A letter obtained by Reuters sent by IBM CEO Arvind Krishna to staff cites sanctions as one of the prime reasons for the decision to exit Russia. 

    "As the consequences of the war continue to mount and uncertainty about its long-term ramifications grows, we have now made the decision to carry out an orderly wind-down of IBM's business in Russia," Krishna said. 

    Continue reading
  • Nothing says 2022 quite like this remote-controlled machine gun drone
    GNOM is small, but packs a mighty 7.62mm punch

    The latest drone headed to Ukraine's front lines isn't getting there by air. This one powers over rough terrain, armed with a 7.62mm tank machine gun.

    The GNOM (pronounced gnome), designed and built by a company called Temerland, based in Zaporizhzhia, won't be going far either. Next week it's scheduled to begin combat trials in its home city, which sits in southeastern Ukraine and has faced periods of rocket attacks and more since the beginning of the war.

    Measuring just under two feet in length, a couple inches less in width (57cm L х 60cm W x 38cm H), and weighing around 110lbs (50kg), GNOM is small like its namesake. It's also designed to operate quietly, with an all-electric motor that drives its 4x4 wheels. This particular model forgoes stealth in favor of a machine gun, but Temerland said it's quiet enough to "conduct covert surveillance using a circular survey camera on a telescopic mast."

    Continue reading
  • Israeli air raid sirens triggered in possible cyberattack
    Source remains unclear, plenty suspect Iran

    Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. 

    While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat. 

    Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident. 

    Continue reading
  • International operation takes down Russian RSOCKS botnet
    $200 a day buys you 90,000 victims

    A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.

    The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.

    It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.

    Continue reading
  • Taiwan bans exports of chips faster than 25MHz to Russia, Belarus
    Doom it is, then, Putin

    Taiwan's government has enacted a strict ban on the export of computer chips and chip-making equipment to Russia and Belarus, a move that will make it even harder for the two countries to access modern processors following export bans from other countries.

    The island nation is the world's largest advanced chip manufacturing hub, so the export ban carried out by Taiwan's Ministry of Economic Affairs, reported last week, will make it more difficult for Russia and Belarus to find chips for a variety of electronics, including computers, phones and TVs.

    Russia has already been scrambling to replace x86 processors from Intel and AMD that it can no longer access because of export bans by the US and other countries. This has prompted Russia to source x86-compatible chips from China for laptops that will be considerably slower than most modern systems. The country is also switching to servers using its homegrown Elbrus processors, which Russia's largest bank has found to be inadequate for multiple reasons.

    Continue reading
  • Yandex CEO Arkady Volozh resigns after being added to EU sanctions list
    Russia's top tech CEO accused of material support to Moscow

    Updated Arkady Volozh, CEO of Russia's biggest internet company Yandex, has resigned after being added to the European Union's list of individuals sanctioned as part of its response to the illegal invasion of Ukraine.

    Yandex is an analogue of Google, having started as a search engine and then added numerous productivity, cloud, and social services. The company has since expanded into ride-sharing and e-commerce.

    The European Union (EU) last Friday named Volozh and many others as part of its sixth round of sanctions against Russia.

    Continue reading
  • Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups
    This is why Viasat attack – rated one of the biggest ever of its kind – had relatively little impact

    RSA Conference The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "one of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder and former CTO of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator.

    Alperovitch shared that opinion during a global threat briefing he delivered with Sandra Joyce, EVP of Mandiant Intelligence, at the RSA Conference on Tuesday.

    The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion, by wiping the modems' firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe. The attack therefore disrupted satellite connectivity for thousands, and disabled remote monitoring of 5,800 wind turbines in Germany.  

    Continue reading

Biting the hand that feeds IT © 1998–2022