Russian Mega-Hacker Pleads Guilty in Largest U.S. Breach
Vladimir Drinkman Played a Lead Role in Massive Cyber-Attack
A Russian hacker who was extradited to the United States earlier this year has admitted his role in the largest hack attack in U.S. history. The scheme, which compromised more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses, affected payments processors Global Payments and Heartland Payment Systems, as well as grocery chain Hannaford Brothers and about a dozen other organizations, according to the U.S. Department of Justice.
Vladimir Drinkman, 34, has pleaded guilty to one count of conspiracy to commit unauthorized access of protected computers and one count of conspiracy to commit wire fraud, prosecutors announced Sept. 15. Under terms of his plea agreement, he faces a maximum sentence of 30 years in prison on the wire fraud charge and five years on the other charge, plus fines.
Drinkman had originally entered a not guilty plea when he was extradited to the United States in February to face 11 charges (see: Alleged Russian Mega-Hacker Extradited).
"This hacking ring's widespread attacks on American companies caused serious harm and more than $300 million in losses to people and businesses in the United States," says Assistant Attorney General Leslie Caldwell. "As law enforcement around the world responds to the cyber threat that affects us all, I am confident that this type of international cooperation that led to this result will be the new normal."
Extradition Was Delayed
Drinkman was arrested by Dutch authorities on June 28, 2012, at the request of U.S. prosecutors. But he remained incarcerated in the Netherlands while the Dutch government reviewed competing extradition requests that were filed by U.S. and Russian authorities. In November 2014, however, Dutch Justice and Security Minister Ivo Opstelten upheld the U.S. extradition request for Drinkman on the grounds that U.S. authorities filed their request first (see Accused Nasdaq Hacker Faces Extradition).
Drinkman allegedly ran a group that included three other Russians and one Ukrainian who were indicted in 2013 over their alleged involvement in the massive credit and debit card fraud scheme. The crime ring often hacked into websites by exploiting SQL injection flaws, prosecutors alleged.
Between 2005 and 2012, according to court documents, Drinkman's gang allegedly launched attacks against NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. U.S. authorities say that NASDAQ's trading platform was not affected by those attacks.
Five Men Charged
The indictment in the case says the five defendants each played specific roles in the scheme.
Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, allegedly specialized in penetrating network security and gaining access to the corporate victims' systems. Drinkman and Roman Kotov, 34, of Moscow, allegedly specialized in mining the networks to steal valuable data. The hackers hid their activities using anonymous Web-hosting services allegedly provided by Mikhail Rytikov, 28, of Odessa, Ukraine. Dmitriy Smilianets, 32, of Moscow, allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.
Drinkman and Kalinin were previously charged in a 2009 indictment charging Albert Gonzalez, 34, of Miami, in connection with five corporate data breaches, including the breach of Heartland Payment Systems Inc., which at the time was the largest ever reported. Gonzalez is serving 20 years in federal prison for those offenses.
Kalinin is also charged in two federal indictments. The first charges him in connection with hacking certain computer servers used by NASDAQ, and the second charges him and another Russian hacker, Nikolay Nasenkov, with an international scheme to steal bank account information from U.S.-based financial institutions. Rytikov was previously charged in an unrelated scheme.
Drinkman and Smilianets were arrested at the request of the United States while traveling in the Netherlands in June 2012. Smilianets was extradited on Sept. 7, 2012, and remains in federal custody. Bloomberg News reports that he pleaded not guilty to all charges back in 2013 but is now considering whether to accept a plea deal. Kalinin, Kotov and Rytikov remain at large.