Fraud Indictment: 160 Million Cards

5 Charged with Hacking Global Payments, Others
Fraud Indictment: 160 Million Cards

Federal authorities have indicted five Russians and Ukrainians linked to Heartland hacker Albert Gonzalez for the roles they allegedly played in a credit and debit card fraud scheme that compromised more than 160 million cards stolen from payments processors Global Payments and Heartland Payment Systems, grocery chain Hannaford Brothers and others.

See Also: Vulnerability Management with Analytics and Intelligence

In this new indictment, Gonzalez is named as a co-conspirator for allegedly helping the others infiltrate payment card numbers. The scheme, which is believed to have lasted seven years, cost three of the victim companies more than $300 million, according to the indictment released by the U.S. Attorney's Office in the District of New Jersey. It also included attacks against NASDAQ, 7-Eleven, Carrefour S.A., JCPenney Inc., Wet Seal Inc., Commidea Ltd., Dexia Bank Belgium, JetBlue Airways, Dow Jones Inc., Euronet, Visa Jordan Card Services, Ingenicard US Inc. and Diners Club Singapore.

Vladimir Drinkman, Aleksandr Kalinin, Roman Kotov, Mikhail Rytikov and Dmitriy Smilianets, Russians and Ukrainians who allegedly specialized in malware designed to compromise payment card data, have been charged with stealing credit and debit details and later reselling the information in underground forums. Ultimately, the stolen card data was used to create so-called white payment cards that were used to conduct fraudulent cash withdrawals at ATMs or to make fraudulent purchases for goods, the indictment claims.

Authorities allege that from as early as August 2005 through at least July 2012, the defendants and co-conspirators led a hacking ring that attacked several networks and resulted in numerous high-profile breaches. According to the indictment, the ring attacked the networks of several of the world's largest payments processors, such as Global Payments, as well as retailers and financial institutions, to steal personally identifiable information, such as usernames and passwords, as well as card numbers.

In addition to Gonzalez, Damon Patrick Toey, Vladislav Anatolievich Horohorin and another unnamed individual also have been named co-conspirators in the indictment. But so far, only Horohorin has been charged.

Authorities say this case grew out of the investigation into Gonzalez, who had been helping law enforcement track other hackers involved with a worldwide cybercrime ring known as the "Shadowcrew."

In March 2010, Gonzalez was sentenced to 20 years in prison for his cybercrimes, the longest sentence at the time handed down for computer crime in a U.S. court.

A press conference hosted by the U.S. Attorney in Newark, N.J., about this latest indictment is scheduled for 11 a.m. July 25.


About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network