
$300 million Russian cyber crime ring broken by US feds

Jail sentences handed out for hacking and phishing

Four Russian nationals and a Ukrainian have been charged with breaking into US financial networks and stealing more than 160 million credit card numbers and more than $300 million.

According to the US Department of Justice statement, they broke into more than a dozen major American and international companies between 2005 and 2012, and ran a scheme to steal information from the cards. The men were named as Russians Vladimir Drinkman and Alexandr Kalinin, who allegedly specialised in penetrating network security and gaining access to the corporate victims' systems. Russian Roman Kotov allegedly specialised in mining the networks that Drinkman and Kalinin compromised to steal valuable data.

Russian Dmitriy Smilianets allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants. Finally, the activities were cloaked using anonymous web-hosting services provided by Ukrainian Mikhail Rytikov.

The US Department of Justice also said that Kalinin and Drinkman were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 indictment charging Albert Gonzalez in connection with five corporate data breaches, including the breach of Heartland Payment Systems Inc. Gonzalez is currently serving 20 years in federal prison for those offenses.

Access was achieved by exploiting SQL injection vulnerabilities and using malware to create a backdoor onto the network. The statement claimed that the victim companies were targeted for many months, with the attackers waiting patiently while their efforts to bypass security were underway.

After acquiring the card numbers and associated data, the conspirators allegedly sold it to resellers around the world who then charged approximately $10 (£6) for each stolen American credit card number and associated data; approximately $50 (£32) for each European credit card number and associated data; and approximately $15 (£9) for each Canadian credit card number and associated data.

To protect against detection by the victim companies, the defendants allegedly altered the settings on the victim company networks to disable security mechanisms from logging their actions. The defendants also worked to evade existing protections by security software.

If convicted, the maximum penalties for the charged counts are: five years in prison for conspiracy to gain unauthorised access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorised access to computers; and 30 years in prison for wire fraud. 

US Attorney Fishman said: “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy and our national security.

“And this case shows, there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful.”

Acting Assistant Attorney General Raman said: “The defendants charged today were allegedly responsible for spearheading a worldwide hacking conspiracy that victimised a wide array of consumers and entities, causing hundreds of millions of dollars in losses.

“Despite substantial efforts by the defendants to conceal their alleged crimes, the department and its law enforcement counterparts have cracked this extensive scheme and are seeking justice for its many victims. Today's indictment will no doubt serve as a serious warning to those who would utilise illegal and fraudulent means to steal sensitive information online.”
