Five men charged in largest fraud hacking case in US

Four men from Russia and another from the Ukraine have been charged by the US Justice Department in a massive hacking case, which is being called by one of the attorneys involved as "the largest ever hacking and data scheme breach in the United States."

The Justice Department's press release states that Russia's Vladimir Drinkman, Aleksander Kalinin, Roman Kotov and Dmitriy Smilianets, along with Mikhail Rytikov from the Ukraine, are accused of stealing over 160 million credit card and debit card numbers over a period of seven years from a number of large corporations, including Nasdaq, Visa, Dow Jones and others. The amount of money stolen from these businesses as a result of the hacker's actions is estimated to be in the hundreds of millions of dollars. The press release says that $300 million was taken from just three of the companies affected by the hacking scheme.

The government claims that the five men, working with others, hacked into the computer systems of various large businesses by finding vulnerabilities in the companies' SQL databases and then installed malware to steal the data they needed. The hackers then sold the data, including the credit card numbers, to others while trying to keep their activities secret via encrypted communication channels.

The charges that the five men currently face in this particular case include wire fraud and unauthorized access to computers, and if convicted, all of the charges include fines and jail time. Drinkman and Smilianets were arrested in June 2012 while they were in the Netherlands and Smilianets was later extradited to the US. Kalinin, Kotov and Rytikov remain at large.

Source: US Justice Department | Credit Card image via Shutterstock

Report a problem with article
Previous Story

Whoops! Google quickly ends free Netflix promo for Chromecast

Next Story

Study shows IE10 to have better privacy protection than rivals

17 Comments

Commenting is disabled on this article.

A few years ago I was called by VISA to ask if I had made a large purchase in San Francisco. I of course said no, then asked the woman, "When did I get a VISA?"

I had applied, but was never told whether I got the card or not. Apparently I did and the card was taken in transit to me.

If they've stole this information via SQL injections and vulnerabilities, then surely visa are at the mercy of Microsoft SQL and the likes, it doesn't matter how much other security they have in place?

Adam1V said,
If they've stole this information via SQL injections and vulnerabilities, then surely visa are at the mercy of Microsoft SQL and the ilikes, it doesn't matter how much other security they have in place?

SQL injection vulnerabilities are generally due to poor coding. Even old SQL 2000 databases can be secure if configured properly.

Can't help but wonder if PRISM helped catch these guys. Despite what the "rules" are around it, you know for high profile stuff, they're using EVERY resource. Imagine how helpful it would have been and will be.

Hahaiah said,
Can't help but wonder if PRISM helped catch these guys. Despite what the "rules" are around it, you know for high profile stuff, they're using EVERY resource. Imagine how helpful it would have been and will be.
That would be interesting to know.

I have never been in credit card theft so I don't know how it works from a scammers end. But from my perspective, how does it even matter if someone gets your CC number? Any charges on them have to match the CVC number on the back AND match the postal code (zip code in the USA) of the address registered to the card owner. There is always ways to scam yes, but you would think with Credit Cards and all its protection it would almost be impossible.

The problem is many web sites doesn't ask for the cvc code. And some of those asking for it will stupidly store it in the database with your other CC infos and wont ask for it again.

LaP said,
The problem is many web sites doesn't ask for the cvc code. And some of those asking for it will stupidly store it in the database with your other CC infos and wont ask for it again.

lolwut!

2 years ago,i got a shiny new credit card. didn't even use it once. about a week later,i get a call from the CC company asking me if I bought an airline ticket in the U.A.E. I said no,not only didn't I travel,but ive never even used the card.

I'm sure these men are quite talented, but if companies don't invest more in security, this is going to keep happening. I mean, it's 2013. Yet 5 guys can still steal 160 million card numbers? Crazy! Wtf is going on? These companies make billions, but they can't secure their networks.

Nice to know so many major companies care this much about our account info.
/s

Nice graphic, John, btw.

COKid said,
I'm sure these men are quite talented, but if companies don't invest more in security, this is going to keep happening. I mean, it's 2013. Yet 5 guys can still steal 160 million card numbers? Crazy! Wtf is going on? These companies make billions, but they can't secure their networks.

Nice to know so many major companies care this much about our account info.
/s

Nice graphic, John, btw.

Exactly my thought! I mean 160 millions numbers? How many databases these people have, allegedly, broke into? And even more interesting: have the companies affected reported the breach?

Torolol said,

it said gold, but its blue.
LOL! Good catch. How the heck did you even see that. Must have really been focussing on that picture.