A federal indictment made public today in New Jersey charges five men with conspiring in a worldwide hacking and data breach scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses. It is the largest such scheme ever prosecuted in the United States.
The defendants allegedly sought corporate victims engaged in financial transactions, retailers that received and transmitted financial data and other institutions with information they could exploit for profit. The defendants are charged with attacks on NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. It is not alleged that the NASDAQ hack affected its trading platform.
According to the second superseding indictment unsealed today in Newark federal court and other court filings, the five men each served particular roles in the scheme. Vladimir Drinkman, 32, of Syktyykar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each allegedly specialized in penetrating network security and gaining access to the corporate victims’ systems. Roman Kotov, 32, of Moscow, allegedly specialized in mining the networks Drinkman and Kalinin compromised to steal valuable data. Court documents allege that the defendants hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 26, of Odessa, Ukraine. Dmitriy Smilianets, 29, of Moscow, allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.
Court documents allege that the initial entry was often gained using a “SQL injection attack.” SQL, or Structured Query Language, is a type of programming language designed to manage data held in particular types of databases; the hackers identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network.
After acquiring the card numbers and associated data – which they referred to as “dumps” – the conspirators allegedly sold it to resellers around the world. The buyers then allegedly sold the dumps through online forums or directly to individuals and organizations. Smilianets was allegedly in charge of sales, vending the data only to trusted identity theft wholesalers.
The defendants used a number of methods to conceal the scheme. Unlike traditional Internet service providers, Rytikov allegedly allowed his clients to hack with the knowledge he would never keep records of their online activities or share information with law enforcement.
Over the course of the conspiracy, the defendants allegedly communicated through private and encrypted communications channels to avoid detection. Fearing law enforcement would intercept even those communications, some of the conspirators allegedly attempted to meet in person.
To protect against detection by the victim companies, the defendants allegedly altered the settings on victim company networks to disable security mechanisms from logging their actions. The defendants also worked to evade existing protections by security software.
Source (US DoJ)
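The “SQL injection attack” the indictment names as the usual entry point comes down to one coding mistake: building a query by gluing user input into the SQL text. The example below is added here and is not from the DoJ release; it uses a constructed in-memory SQLite table (sample names, not data from the case) to put the vulnerable lookup beside the parameterized form that closes the hole.

```python
import sqlite3

def make_db():
    """Constructed sample table standing in for a merchant's customer store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # String concatenation: the caller's input becomes part of the SQL text,
    # so a quote character in the input can change the query's structure
    # (for example, by appending an always-true condition).
    sql = "SELECT name FROM customers WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_safe(conn, name):
    # Parameter binding: the value travels separately from the SQL text and
    # is compared literally, quote characters included. It can never become
    # SQL syntax, regardless of its content.
    sql = "SELECT name FROM customers WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))

def compare(name):
    """Run the same input through both lookups and return both results."""
    conn = make_db()
    return lookup_vulnerable(conn, name), lookup_safe(conn, name)

if __name__ == "__main__":
    for probe in ("alice", "x' OR '1'='1"):
        vuln, safe = compare(probe)
        print(f"input={probe!r:20} vulnerable={vuln} parameterized={safe}")
```

The second input returns every row from the concatenated query and nothing from the bound one; in code review, any query that is assembled with `+`, `%` or an f-string from request data is the pattern to flag.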
P.S. Thanks to all those good folks at NSA that prevented this all from actually happening. Oh wait, they didn't...
P.P.S. Drinkman? That's a very Russian name