US prosecutors launch largest ever hacking fraud case

Cashpoint machine Stolen card data was uploaded to blank cards used by criminals to make cash withdrawals and purchases

Related Stories

US prosecutors have launched what they say is the country's largest ever hacking fraud case.

Five men in Russia and Ukraine have been charged with running a hacking operation that allegedly stole more than 160 million credit and debit card numbers from a number of major US companies over a period of seven years.

Losses from the thefts amounted to hundreds of millions of dollars.

Corporate victims included Nasdaq, Visa, Dow Jones and JC Penney.

Paul Fishman, US Attorney for the District of New Jersey, called the case "the largest ever hacking and data scheme breach in the United States".

Just three of the corporate victims reported $300m (£196m) in losses, prosecutors say.

Other victims included Heartland Payment Systems, one of the world's largest credit and debit card payment processing companies; French retailer Carrefour; Dexia Bank Belgium; and 7-Eleven.

The indictment identified the defendants as Vladimir Drinkman, Aleksander Kalinin, Roman Kotov and Dmitriy Smilianets, all from Russia, and Mikhail Rytikov, a Ukrainian.

All five are charged with taking part in a computer hacking conspiracy and conspiracy to commit wire fraud.

Mr Drinkman and Mr Kalinin specialised in penetrating network security and hacking into corporate systems, prosecutors allege, while Mr Kotov specialised in trawling through the data looking for information worth stealing.

Mr Rytikov ran the anonymous web-hosting services that enabled the others to carry out their activities, while Mr Smilianets sold on the stolen data and farmed out the proceeds, prosecutors say.

"This type of crime is the cutting edge," said Mr Fishman. "Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security."

One of the co-conspirators named is Albert Gonzalez, known online as "soupnazi", who was charged along with Mr Kalinin and Mr Drinkman in 2009 and is already serving 20 years for corporate data hacking.

Mr Drinkman and Mr Smilianets are both in custody but the other three remain at large.

Infiltrated

The attacks often involved identifying weaknesses in Structured Query Language (SQL) databases and uploading malware that gave them access to corporate networks.

"Sniffer" software then sought out and collected valuable personal data that the defendants could sell on to other criminals around the world.

Credit card numbers were sold for $15 to $50 each, prosecutors say. This stolen data could be transferred to blank cards then used to withdraw cash or make purchases.

The prosecutors said the defendants encrypted their communications and managed to disable security systems on corporate networks to prevent detection.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Getty Images)

How movie dinosaurs lied to us

What’s wrong with cinema’s monster lizards Read more...

Programmes

  • Traffic lightsClick Watch

    From hacking cars to traffic lights - behind the scenes at a cyber-security conference

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.