2 min read

Russian hackers sentenced to prison in US for compromising 160 million credit cards

Filip TRUȚĂ

February 19, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Russian hackers sentenced to prison in US for compromising 160 million credit cards

Two Muscovites have been sentenced to years in prison for their roles in the biggest data breach conspiracy ever prosecuted in the United States. Three co-conspirators are still at large.

Vladimir Drinkman, 37 and Dmitriy Smilianets, 34, had previously pleaded guilty for their roles in the conspiracy to commit wire fraud, before receiving their final sentences in a Camden, New Jersey federal court last week.

They are just two of the five conspirators who, since 2009, had systematically targeted major corporate networks, compromising 160 million credit card numbers and inflicting hundreds of millions of dollars in losses.

The fraudsters compromised the computer networks of some of the biggest players in various major industries, such as NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.

Financial statements by just three of these organizations revealed damages upwards of $300 million because of the breaches, according to justice.gov.

Drinkman and Alexandr Kalinin, 31, specialized in penetrating network security and gaining access to corporate systems, while Roman Kotov, 36, (along with Drinkman) then mined the networks to steal credit card data. Mikhail Rytikov, 30, hid these activities using anonymous web-hosting services – acting as the others” personal ISP (internet service provider). Rytikov also made it possible for the party to monetize the heists by selling the stolen information on the underground web.

Leveraging known vulnerabilities in the Structured Query Language (SQL) employed by some databases, the perps used injection attacks to deploy malware and create a back door they could later use to exfiltrate data. When their efforts were hampered by security systems, they would employ “persistent attacks,” otherwise known as advanced persistent threats, or APTs.

They used end-to-end encrypted messaging services to discuss their operations, and sometimes met in person, fearing authorities were onto them, court documents say.

“Instant message chats obtained by law enforcement revealed the defendants often targeted the victim companies for many months, waiting patiently as their efforts to bypass security were underway,” according to the justice.gov report. “The defendants had malware implanted in multiple companies” servers for more than a year.

“To protect against detection by the victim companies, the defendants altered the settings on victim company networks to disable security mechanisms from logging their actions. The defendants also worked to evade existing protections by security software,” the report adds.

For their actions, Drinkman and Smilianets were sentenced to 12 and 4.5 years, respectively, behind bars, plus three years of supervised release. The others in the party – Kalinin, Kotov and Rytikov – are still fugitives.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For
Silviu STAHIE

May 19, 2022

3 min read
Researchers Find Thousands of Websites that Record Everything You Type Researchers Find Thousands of Websites that Record Everything You Type
Radu CRAHMALIUC

May 16, 2022

2 min read
Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online
Silviu STAHIE

May 13, 2022

2 min read