View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 18, 2015updated 19 Aug 2016 4:00pm

Five charged with 160m card hack costing $300m

Russian and Ukrainian defendants targeted NASDAQ, retailers and finance.

By Jimmy Nicholls

Five men from Russia and Ukraine have been charged for their supposed role in the mass theft of 160 million credit card numbers in a US federal court in New Jersey.

The group is accused of causing more than $300m (£200m) of losses through the scheme, with one of their number, Vladimir Drinkman, 34, of Syktyvkar and Moscow, having to be extradited from the Netherlands in order to stand trial.

Leslie Caldwell, assistant attorney general at the US Justice Department, said: "Hackers often take advantage of international borders and differences in legal systems, hoping to evade extradition to face justice.

"This case and today’s extradition demonstrates that through international cooperation, and through great teamwork between the

Department of Justice and the Department of Homeland Security, we are able to bring cyber-thieves to justice in the United States, wherever they may commit their crimes."

According to court filings, the co-defendants each had a particular role in the scheme, which targeted the NASDAQ stock exchange and financial companies such as Global Payment and Euronet as well as retailers such as Carrefour and JCP.

Drinkman and Alexandr Kalinin, 28, of St. Petersburg , were said to have focused on penetrating networks to gain access to corporate systems, while Roman Kotov, 33, of Moscow, was said to have been responsible for mining the networks for data.

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

Their activities were allegedly obscured by anonymous web-hosting services from Mikhail Rytikov, 27, of Odessa, Ukraine, with the stolen data said to have been sold by Dmitriy Smilianets, 31, of Moscow.

"This case demonstrates our commitment to fulfilling an important part of our integrated mission; that of protecting our nation’s critical financial infrastructure," said Joseph Clancy, acting director of the US Secret Service.

"Our determination, coupled with our network of foreign law enforcement partners, ensures that our investigative reach can expand beyond the borders of the United States."

Among the information claimed to have been stolen were passwords, means of identification and payment cards, with the initial entry into systems often achieved through SQL injection, which allows hackers to send instructions into vulnerable databases.

Victims were thought to have been targeted by the hackers over a number of months in what is known as an advanced persistent threat (APT). Some companies were said to have been able to eject the attackers from their systems, but the attackers often returned.

Prices for the stolen card numbers are said to have ranged from $10 (£6.50) for a US card number, $15 (£9.70) for a Canadian card number or $50 (£32) for a European card number, with end users either withdrawing money from cash points or buying items with the credentials.

Losses from the scheme have been difficult to quantify, but three corporate victims claim the attacks cost them in excess of $300m. The trial continues.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.