Russian hacker pleads guilty in major US breach

Russian hacker, Vladimir Drinkman, pleads guilty to US hack earlier this year.
Russian hacker, Vladimir Drinkman, pleads guilty to US hack earlier this year.

A Russian hacker extradicted to the US earlier this year admitted his role in the largest hack in US history. The attack compromised more than 160 million credit card numbers, resulting in hundreds of millions of US dollars in losses.

Vladimir Drinkman, 34, said Tuesday in federal court in Camden, New Jersey, that he plotted with four other men to steal credit card numbers from payments processors Global Payments and Heartland Payment Systems, grocery chain Hannaford Brothers and at least 14 other organisations from 2005 to 2012.

Prosecutors announced on 15 September that Drinkman pleaded guilty to one count of conspiracy to commit unauthorised access of protected computers and another count of conspiracy to commit wire fraud. Drinkman helped find vulnerabilities in information systems and used malware to steal passwords and card numbers.

Drinkman faces a maximum sentence of 30 years in prison on the wire fraud charge and five years on the other charge in addition to fines. He originally pleaded not guilty when extradited to the US in February to face 11 charges.

“Defendants like Vladimir Drinkman, who have the skills to break into our computer networks and the inclination to do so, pose a cutting edge threat to our economic well-being, our privacy and our national security,” Paul Fishman, the US attorney in New Jersey, said in a statement.

The case's indictment says the five defendants each played a specific role in the plan. Drinkman and Alexandr Kalinin of St. Petersburg, Russia, supposedly specialised in infiltrating network security and gaining access to the corporate victims' systems. Drinkman and Roman Kotov of Moscow allegedly specialised in mining the networks to steal important data. Mikhail Rytikov of Odessa, Ukraine, allegedly provided anonymous Web-hosting services for the hackers to hide their activities. Dmitriy Smilianets of Moscow supposedly sold the information stolen by the defendants and distributed the earnings of the scheme to the participants.

"This hacking ring's widespread attacks on American companies caused serious harm and more than $300 million [£200m] in losses to people and businesses in the United States," says assistant attorney general Leslie Caldwell. "As law enforcement around the world responds to the cyber-threat that affects us all, I am confident that this type of international cooperation that led to this result will be the new normal."

Smialianets is in US custody along with Drinkman. The alleged co-conspirators remain at large. Drinkman is scheduled for sentencing in January 2016.