Monday, August 5, 2013

Five hackers indicted in New Jersey federal court for "largest known data breach conspiracy"

UPDATE: The title of this article has been edited to avoid any confusion. A grand jury sitting for the District Court of New Jersey returned an indictment against the named defendants. The district court did not itself indict the defendants. My apologies to any who may have misinterpreted the original heading.

The Department of Justice announced last Thursday, July 25, 2013, that a federal indictment has been issued charging five individuals from Russia and Ukraine with one count of conspiracy to commit computer hacking, one count of conspiracy to commit wire fraud, six counts of unauthorized computer access, and three counts of wire fraud. A recent press release by the U.S. attorney's office has called this indictment the “largest known data breach conspiracy” ever prosecuted by the United States.

According to the release, the five defendants, Vladimir Drinkman, Alexandr Kalinin, Roman Kotov, Mikhail Rytikov, and Dmitriy Smilianets, in cooperation with four other co-conspirators, “allegedly sought corporate victims engaged in financial transactions, retailers that received and transmitted financial data and other institutions with information they could exploit for profit.” The alleged victims include “NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.” The group is alleged to have stolen “more than 160 million credit card numbers,” resulting in “hundreds of millions of dollars in losses.”

The indictment claims that the defendants utilized sophisticated hacking techniques that compromised users' personal information maintained by the victimized companies. The defendants then sold the information "dumps" to resellers who then, according to the indictment, "sold them either through on-line forums or directly to individuals and organizations ('cashers')."

The indictment itself outlines some of the methods the group is alleged to have used in order to gain access to the companies' information and to conceal their activities. Included in the indictment are allegations that the group used SQL injection attacks (or "methods of hacking into and gaining unauthorized access to computers connected to the Internet") and utilized so-called "bulletproof hosting" (or "leasing servers from which law enforcement supposedly could not gain access or obtain information"). This will be an interesting case, and definitely one to keep an eye on.

Author's Note: My first thought when reading through the indictment related to extradition (specifically, I wondered how the United States planned to properly prosecute five individuals from Russia and Ukraine). As I believe I might not be the only one with such a question, I thought I should provide a small excerpt from the press release that addresses that issue:

Drinkman and Smilianets were arrested at the request of the United States while traveling in the Netherlands on June 28, 2012. Smilianets was extradited Sept. 7, 2012, and remains in federal custody. He will appear in District of New Jersey federal court to be arraigned on the superseding indictment on a date to be determined. Drinkman is in custody in the Netherlands pending an extradition hearing. Kalinin, Kotov and Rytikov remain at large. All of the defendants are Russian nationals except for Rytikov, who is a citizen of Ukraine.
Mystery solved.

2nd Author's Note: Brian Krebs, a former reporter with the Washington Post and current blogger at KrebsOnSecurity, provided some great commentary on the recent indictment here.
