Cybersecurity , Data Breach , Fraud

Alleged Russian Mega-Hacker Extradited

Charged With Masterminding Largest-Ever U.S. Hack Attack
Alleged Russian Mega-Hacker Extradited

More than two years after his arrest, Russian national Vladimir Drinkman, 34, who's been charged with masterminding the biggest hack attack in U.S. history, has finally been extradicted to the United States. He appeared in a New Jersey federal courtroom Feb. 17, where he pleaded not guilty to 11 charges filed against him by the U.S. Department of Justice (see Fraud Indictment: 160 Million Cards).

See Also: Secure Access in a Hybrid IT World

Drinkman was arrested by Dutch authorities on June 28, 2012, at the request of U.S. prosecutors. But he remained incarcerated in the Netherlands while the Dutch government reviewed competing extradition requests that were filed by U.S. and Russian authorities. In November 2014, however, Dutch Justice and Security Minister Ivo Opstelten upheld the U.S. extradition request for Drinkman on the grounds that U.S. authorities filed their request first (see Accused Nasdaq Hacker Faces Extradition).

U.S. authorities have hailed the extradition as a model of transnational cooperation. "Hackers often take advantage of international borders and differences in legal systems, hoping to evade extradition to face justice," says U.S. Assistant Attorney General Leslie Caldwell. "This case and today's extradition demonstrates that through international cooperation, and through great teamwork between the Department of Justice and the Department of Homeland Security, we are able to bring cyber thieves to justice in the United States, wherever they may commit their crimes."

Drinkman allegedly ran a group that included three other Russians and one Ukrainian who were indicted in 2013 over their alleged involvement in a credit and debit card fraud scheme that resulted in more than 160 million cards being stolen from payments processors Global Payments and Heartland Payment Systems, as well as grocery chain Hannaford Brothers, among other organizations, according to a second superseding indictment, which was unsealed in July 2013 in Newark federal court.

Between 2005 and 2012, according to the indictment, Drinkman's gang allegedly launched attacks against NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. U.S. authorities say that NASDAQ's trading platform was not affected by those attacks. They also note that the fraud losses incurred by just three of the hacked organizations topped $300 million.

Five Men Charged

Drinkman's cybercrime ring often hacked into websites by exploiting SQL injection flaws, court documents allege. But according to the indictment, the alleged members of the hacking team brought different skills to bear:

  • Drinkman is a "sophisticated hacker" and expert at "penetrating network security and gaining access to the corporate victims' systems," the indictment says;
  • Alexandr Kalinin, 28, is described as having the same skills as Drinkman, and has been charged in two other federal indictments with hacking NASDAQ, as well a multiple U.S. financial institutions;
  • Roman Kotov, 33, "specialized in mining the networks Drinkman and Kalinin compromised to steal valuable data";
  • Mikhail Rytikov, 27, provided "anonymous web-hosting services" used by attackers. He's also been charged for an unrelated attack;
  • Dmitriy Smilianets, 31, "sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants."

Both Drinkman and Kalinin were previously charged in a 2009 indictment that tied Albert Gonzalez to five corporate hacking campaigns, including the Heartland data breach, which at the time was the biggest-ever reported breach. Gonzalez perpetrated those attacks at the same time as he was helping U.S. authorities investigate the notorious global cybercrime ring known as "Shadowcrew" (see Will Indictments Curb Card Fraud?). Gonzalez is serving a 20-year prison sentence.

Federal authorities say that Kalinin, Kotov and Rytikov remain at large. New York-based criminal attorney Arkady Bukh tells Information Security Media Group that he's representing Rytikov - who's Ukrainian - in this case, and that he remains a fugitive. "He's not on American soil," Bukh says, adding that it is "very common" for someone facing U.S. hacking charges to retain an attorney in the United States, even if they're not incarcerated there. "People in Russia want to have representation, at this time, for negotiation purposes," he says.

Both Drinkman and Smilianets, meanwhile, were arrested in the Netherlands, at Schipol Airport, in 2012, at the request of U.S. authorities. Smilianets was extradited to the United States in September 2012; unlike Drinkman, he didn't contest the extradition request.

Prediction: Plea Bargain

In November, Drinkman told Dutch daily newspaper NRC Handelsblad that he would have preferred to serve any jail time in a Russian prison. He has also continued to maintain his innocence, saying that the United States has no "technical evidence" against him.

But Bukh predicts the case against Drinkman will end in a plea bargain, in part because of the sheer amount of evidence gathering and effort that goes into building this type of case, prior to U.S. prosecutors - who are keen to maintain their conviction rates - filing an extradition request. As a result, he says it's quite rare for an accused hacker who's been extradited to the United States to win their case, given how thoroughly the related charges tend to be documented. Accordingly, after being extradited, most accused hackers attempt to negotiate, and Bukh predicts that Drinkman and Smilianets will pursue that course.

"The chances are 95 percent that we will be talking about the plea, or maybe some negotiations about the number of cards, or the dollar amounts, or the number of victims, which will mitigate exposure - but not about guilt or innocence," he says.

The trial of Drinkman and Smilianets is scheduled to begin on April 27.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.

Around the Network