Five Charged For Hacks On Nasdaq, JCPenney And Others

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

7-Eleven and Heartland Payment Systems also hit by credit card data thieves

Five have been charged today for what is believed to be one of the biggest ever hacking operations ever prosecuted in America.

Four Russians and one Ukranian were alleged to have stolen at least 160 million credit card numbers in an operation that lasted for seven years from 2005. The victims included the Nasdaq stock exchange, 7-Eleven, Heartland Payment Systems and JCPenney, amongst many others.

Paul Fishman, the US attorney in New Jersey, said hundreds of millions of dollars had been lost as a result of the group’s actions.

FBIMassive hacking operation

An indictment opened today said the hackers “penetrated the secure computer networks of several of the largest payment-processing companies, retailers and financial institutions in the world”.

“Financial institutions, credit card companies and consumers suffered hundreds of millions in losses, including losses in excess of $300 million by just three of the corporate victims, and immeasurable losses to identity theft victims,” the indictment read.

Fishman added: “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security.  And this case shows there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day.”

The men allegedly worked with an already-convicted hacker Albert Gonzalez, who is serving 20 years in prison, according to the indictment.

The names of those charged were Vladimir Drinkman, Aleksandr Kalinin, Roman Kotov and Dmitriy Smilianets of Russia, and Mikhail Rytikov of Ukraine.

It was claimed they stole data, sold it to resellers, who then pushed it out through forums. They were also able to encode data onto magnetic strips of blank cards to withdraw money.

Kalinin and Drinkman had already been charged in 2009, but were never apprehended. It is believed they often gained access to businesses’ information by carrying out SQL injection attacks.

The attackers also managed to get malware on multiple companies’ servers for more than a year. Kotov was accused of mining the compromised networks for information.

Rytikov was said to have provided the anonymous web-hosting services for the attacks, whilst Smilianets was the one who was alleged to have sold on the stolen information to the resellers.

Drinkman and Smilianets were arrested while travelling in the Netherlands last year. Smilianets was extradited and remains in federal custody, whilst Drinkman is awaiting an extradition hearing. Kalinin, Kotov and Rytikov remain at large.

What do you know about Internet security? Find out with our quiz!