BreachExchange mailing list archives

Russian Mega-Hacker Pleads Guilty in Largest U.S. Breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 15 Sep 2015 19:06:22 -0600

http://www.databreachtoday.com/russian-mega-hacker-pleads-guilty-a-8534#

A Russian hacker who was extradited to the United States earlier this year
has admitted his role in the largest hack attack in U.S. history. The
scheme, which compromised more than 160 million credit card numbers and
resulted in hundreds of millions of dollars in losses, affected payments
processors Global Payments and Heartland Payment Systems, as well as
grocery chain Hannaford Brothers and about a dozen other organizations,
according to the U.S. Department of Justice.

Vladimir Drinkman, 34, has pleaded guilty to one count of conspiracy to
commit unauthorized access of protected computers and one count of
conspiracy to commit wire fraud, prosecutors announced Sept. 15. Under
terms of his plea agreement, he faces a maximum sentence of 30 years in
prison on the wire fraud charge and five years on the other charge, plus
fines.

Drinkman had originally entered a not guilty plea when he was extradited
to the United States in February to face 11 charges (see: Alleged Russian
Mega-Hacker Extradited).

"This hacking ring's widespread attacks on American companies caused
serious harm and more than $300 million in losses to people and businesses
in the United States," says Assistant Attorney General Leslie Caldwell. "As
law enforcement around the world responds to the cyber threat that affects
us all, I am confident that this type of international cooperation that led
to this result will be the new normal."

Extradition Was Delayed

Drinkman was arrested by Dutch authorities on June 28, 2012, at the request
of U.S. prosecutors. But he remained incarcerated in the Netherlands while
the Dutch government reviewed competing extradition requests that were
filed by U.S. and Russian authorities. In November 2014, however, Dutch
Justice and Security Minister Ivo Opstelten upheld the U.S. extradition
request for Drinkman on the grounds that U.S. authorities filed their
request first (see Accused Nasdaq Hacker Faces Extradition).

Drinkman allegedly ran a group that included three other Russians and one
Ukrainian who were indicted in 2013 over their alleged involvement in the
massive credit and debit card fraud scheme. The crime ring often hacked
into websites by exploiting SQL injection flaws, prosecutors alleged.

Between 2005 and 2012, according to court documents, Drinkman's gang
allegedly launched attacks against NASDAQ, 7-Eleven, Carrefour, JCP,
Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones,
Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. U.S.
authorities say that NASDAQ's trading platform was not affected by those
attacks.

Five Men Charged

The indictment in the case says the five defendants each played specific
roles in the scheme.

Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, allegedly
specialized in penetrating network security and gaining access to the
corporate victims' systems. Drinkman and Roman Kotov, 34, of Moscow,
allegedly specialized in mining the networks to steal valuable data. The
hackers hid their activities using anonymous Web-hosting services allegedly
provided by Mikhail Rytikov, 28, of Odessa, Ukraine. Dmitriy Smilianets,
32, of Moscow, allegedly sold the information stolen by the other
conspirators and distributed the proceeds of the scheme to the participants.

Drinkman and Kalinin were previously charged in a 2009 indictment charging
Albert Gonzalez, 34, of Miami, in connection with five corporate data
breaches, including the breach of Heartland Payment Systems Inc., which at
the time was the largest ever reported. Gonzalez is serving 20 years in
federal prison for those offenses.

Kalinin is also charged in two federal indictments. The first charges him
in connection with hacking certain computer servers used by NASDAQ, and the
second charges him and another Russian hacker, Nikolay Nasenkov, with an
international scheme to steal bank account information from U.S.-based
financial institutions. Rytikov was previously charged in an unrelated
scheme.

Drinkman and Smilianets were arrested at the request of the United States
while traveling in the Netherlands in June 2012. Smilianets was extradited
on Sept. 7, 2012, and remains in federal custody. Bloomberg News reports
that he pleaded not guilty to all charges back in 2013 but is now
considering whether to accept a plea deal. Kalinin, Kotov and Rytikov
remain at large.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
