
Five people accused of committing the largest theft of financial data

[Translator's note: This is a translation of the official statement from justice.gov dated July 25, 2013]

Ministry of Justice
Department of Public Relations
FOR IMMEDIATE RELEASE | Thursday, July 25, 2013

Five people are charged in New Jersey with conspiring to commit the largest known data theft
The hackers broke into major payment systems, retailers and financial institutions around the world.

Federal charges were announced today in New Jersey against five men suspected of conspiring in a worldwide hacking scheme to steal business data and break into large corporate networks, and of stealing more than 160 million credit card numbers, resulting in losses of hundreds of millions of dollars. This is the largest data theft ever prosecuted in the United States of America.

Today, the names of the defendants were announced by New Jersey District Attorney Paul J. Fishman, Mythili Raman, Acting Assistant Attorney General of the Department of Criminal Affairs under the Department of Justice, and James Mottola, a special agent of the US Secret Service for criminal investigations in Newark, New Jersey. The US Secret Service conducted the investigation into the conspiracy to steal data from large corporate networks.

The defendants allegedly sought out their victims: large financial corporations, retailers that received and transmitted financial information, and other institutions holding data the defendants could turn into income. The defendants are accused of hacking attacks on the NASDAQ Stock Exchange; the retail operators 7-Eleven, Carrefour, JCP, Hannaford and Wet Seal; the payment system Heartland; the electronic payment providers Commidea, Euronet, Visa Jordan, Diners Singapore and Ingenicard; the financial organization Dexia; JetBlue; the financial information company Dow Jones; and Global Payment. However, it is not alleged that the NASDAQ hacking affected its trading platform.

In the second conviction, announced today at the Federal Court of Newark, it was stated that each of the five men played his own role in the hacking scheme to steal commercial data. Vladimir Drinkman (32 years old, Syktyvkar and Moscow) and Alexander Kalinin (26 years old, St. Petersburg) each allegedly specialized in checking network security and gaining access to the victims' corporate systems.

Roman Kotov (32 years old, a native of Moscow) allegedly specialized in searching the networks that Drinkman and Kalinin had already penetrated for valuable data to steal. Court documents show that the defendants hid their activity by using anonymous web hosting services provided by Mikhail Rytikov (26 years old, born in Odessa, Ukraine). Dmitry Smilyanets (29 years old, Moscow) allegedly sold the commercial information stolen by the other conspirators and distributed the proceeds among the participants in the scheme.

“This type of crime poses the greatest threat to us,” says US Attorney PJ Fishman. “Those who have the experience and knowledge of how to undermine the security of our computer networks threaten our well-being, our privacy, and our national security. This case shows that there is always a real risk (damage), since these types of fraud increase the cost of every American consumer to do business, and every day. We cannot be too vigilant and too cautious.”

“The defendants must be held accountable for the theft of commercial information throughout the world, whose victims are individuals and legal entities, and which resulted in hundreds of millions of dollars in losses,” said Acting Assistant Attorney General M. Raman. “Despite the defendants’ significant efforts to hide their crime, the Department of Criminal Affairs at the US Department of Justice and its law enforcement agencies uncovered their criminal scheme to steal business data, and seek justice for the many victims of their crime. Today’s indictment will undoubtedly serve as a serious warning for those who will illegally steal confidential information on the Internet.”

“As is evident from this indictment, the US Secret Service will continue to use innovative technologies to successfully investigate and arrest international cyber-criminals,” said the special agent of the US Secret Service, J. Mottola. “While global cybercrime continues to have a tremendous impact on our financial institutions, this case shows that all investigations carried out by special agents of the US Secret Service make sure that criminals will always be identified and prosecuted regardless of their places of residence.”

In 2009, Kalinin and Drinkman were charged in New Jersey as Hacker #1 and Hacker #2, along with Albert Gonzalez (32, Miami, Florida), with complicity in stealing corporate data from Heartland Payment Systems Inc., a theft that was reportedly the largest in history. Gonzalez is currently serving a 20-year sentence in federal prison for his actions.

Today, the Southern District of New York Prosecutor’s Office brought two additional accusations against Kalinin: one for complicity in hacking some of the servers used by the NASDAQ stock exchange, and the other for stealing bank account data from an American financial institution together with another Russian hacker, Nikolai Nosenkov. Rytikov was previously convicted in the Eastern District of Virginia for stealing business data using an unidentified scheme. Kotov and Smilyanets were not previously prosecuted in the United States.

On June 28, 2012, Drinkman and Smilyanets were arrested at the request of the United States while traveling in the Netherlands. Smilyanets was extradited on September 7, 2012, and is detained in the United States. At the appointed time, he will appear in the Federal Court of the State of New Jersey to hear the indictment. Kalinin, Kotov and Rytikov remain at large. All the accused are citizens of the Russian Federation, with the exception of Rytikov, who is a citizen of Ukraine.

How the hackers carried out the attacks

According to court documents, the five defendants allegedly colluded with other participants to infiltrate the computer networks of several of the largest e-payment companies, retail operators and financial institutions around the world and steal citizens' personal identifying information. They allegedly used user names and passwords, means of identification (PIN codes), credit and debit card numbers and other personal information about payment card holders. The conspirators allegedly obtained more than 160 million card numbers illegally by hacking.

According to court documents, the initial entry was often made using a “SQL injection” attack. SQL (structured query language) is a programming language designed to manage records stored in databases. The hackers found SQL vulnerabilities in these databases and used them to penetrate the computer network. Once inside the system, they installed a malicious program (worm). This worm created a so-called “backdoor”, leaving the system vulnerable and helping the accused keep access to the network. In some cases the companies' security services managed to cut off the defendants' access to the system, but the defendants could still get back into the desired network by attacking persistently and systematically.

As the communication logs obtained by law enforcement officers show, the defendants often spent many months trying to undermine a victim company's security, patiently waiting for its security services to lower their guard. The defendants allegedly kept malware installed in several companies for over a year.

The defendants are also accused of installing network packet analyzers, so-called “sniffers”, in the networks. A “sniffer” is a program written to identify, collect and steal data from the computer networks of the victim corporations. The defendants then allegedly used a network of computers located around the world to store the stolen data and to sell it to other users.

How the data was sold

After the hackers obtained the card numbers and the corresponding identifying information, which they call “dumps,” they allegedly sold them to wholesalers all over the world. The buyers would then resell the card numbers along with the identifying information on Internet forums or directly to individuals and organizations.

Smilyanets allegedly sold this confidential data only to wholesalers he trusted. According to court documents, he charged approximately $10 for each stolen American credit card number with its identification data, approximately $50 for each European credit card number with its identification data, and about $15 for each Canadian credit card number with its identification data, offering discounts to wholesale and regular customers. The end users then encoded the data of the acquired “dump” onto the magnetic strip of a blank plastic card and withdrew cash from ATMs or paid with the card in stores.

How the hackers hid their criminal scheme

The defendants used several methods to hide their criminal scheme. Unlike ordinary Internet service providers, Rytikov allegedly allowed his clients to engage in hacking, knowing that he would never keep records of their online activity on the server or share information with law enforcement agencies.

To exchange information without detection, the defendants allegedly communicated through private and encrypted communication channels. Fearing that law enforcement agencies might intercept even these channels, some of the conspirators allegedly tried to meet in person.

To avoid discovery by the victim companies, the hackers allegedly changed network settings to stop the protection mechanisms from logging their actions. The defendants also did their best to evade the protection of existing security programs.

* * *

Court documents claim that as a result of the theft of personal and commercial data, financial institutions, credit companies and consumers suffered hundreds of millions of dollars in losses, including more than $300 million in reported losses at just three of the corporations. Holders of plastic cards suffered immeasurable losses from the theft of their personal identification data and cash withdrawals.

If found guilty, the hackers face maximum penalties of five years in prison for conspiracy to gain unauthorized access to computers and 30 years in prison for fraud using electronic payment systems.

The assumptions and statements contained in the indictment are only charges, and the defendants are considered innocent unless and until proven guilty.

The investigation was conducted by the Office of the Criminal Investigation of the US Secret Service.

Significant assistance in the investigation was provided by the Foreign Affairs Department of the Ministry of Justice, the prosecutors of the Netherlands Ministry of Security and Justice, and the unit for the fight against cybercrime of the Netherlands police.

A significant contribution to the investigation of this criminal case was made by the representative of the government, Erez Lieberman, Deputy Head of the Criminal Investigation Department of the Prosecutor's Office of the State of New Jersey, the Assistant Prosecutor of the Division for Investigating Cybercrime and Infringement of Intellectual Property Rights of the Economic Crime Department, and James Silver, a lawyer with the right to speak in the courts, of the Division for the Investigation of Cybercrime and Intellectual Property of the Department of Crime Prevention, as well as the Kansas County and Northern Georgia District Attorney’s Office.

Link to the indictment in PDF: www.justice.gov/iso/opa/resources/5182013725111217608630.pdf
[with other details and excerpts of chat logs; translator's note]

Translation using: lingvomonster.ru
Edit: efimich.ru

PS More related links, if anyone is interested:
American agents "lucky" in the pursuit of Russian hackers
The arrest of Russian hackers FBI told a year later

Source: https://habr.com/ru/post/188168/