NEWARK, N.J. Four Russians and a Ukrainian were indicted on charges here this morning of running the biggest cards theft ring in history, which hacked into databases at dozens of the world’s biggest companies and siphoned more than $300 million from their customers’ bank and credit union accounts.
The defendants were tied to master cards hacker Albert Gonzalez, who was sentenced in 2010 to 20 years in prison for hacking into cards records at TJX, 7-Eleven, Hannaford Brothers, Heartland Payment Systems, Barnes & Nobles and other major retailers, but also to previously undisclosed hacks of Dow Jones, NASDAQ, Visa, Euronet, J.C. Penney and Wet Seal. The group is also responsible for last year's breach at Global Payment Systems when data on 950,000 card accounts were stolen.
“The losses in this case are staggering,” Paul Fishman, U.S. Attorney for New Jersey, said at a news conference this morning. “This type of crime is really the cutting edge of financial fraud.”
The defendants and their co-conspirators penetrated the secure computer networks of several of the largest payment processing companies, retailers and financial institutions in the world, and stole the personal identifying information of others, such as user names and passwords, according to the indictment. The information was then used to fabricate counterfeit cards and to access accounts at banks and credit unions. The scheme ran from 2005 through last year.
Charged in today’s indictment are: Vladimir Drinkman, Aleksandr Kalinin, Roman Kotov and Dmitriy Smilianets of Russia, and Mikhail Rytikov of Ukraine. Drinkman is in custody in the Netherlands and Smilianets is in custody in the U.S. The whereabouts of the other three was unclear.
Kalinin and Drinkman were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 indictment charging Albert Gonzalez, 32, of Miami, in connection with five corporate data breaches including the breach of Heartland Payment Systems, which at the time was the largest ever reported.
Gonzalez, who was charged in 2009, first became known to law enforcement when he was arrested in 2003 for a conspiracy that sold stolen card information over the Internet and was known as Cardererplanet. After he was arrested he agreed to work as an undercover informant on various Internet credit card conspiracies. It turned out, while he was informing for the U.S. government, Gonzalez was working with accomplices in Eastern Europe to break into the databases of several big companies and steal their cards data.
Gonzalez shipped the data to his overseas accomplices who used it to withdraw cash at ATMs throughout Europe or to buy expensive merchandise, like electronics, jewelry or clothes.
The data was also sold on websites where anyone could use it to create their own card and tap into legitimate bank and credit union accounts. A U.S. card was sold for $10; a European card for $50 and a Canadian card for $15, with discounts for bulk and repeat customers. The end users encoded the stolen account information onto the magnetic strip of a blank plastic card.
Kalinin was also charged in connection with hacking certain computer servers used by NASDAQ and a second indictment, with another Russian hacker, Nikolay Nasenkov, with an international scheme to steal bank account information by hacking U.S.-based financial institutions.
Rytikov was previously charged in the Virginia with an unrelated scheme. Kotov and Smilianets have not previously been charged publicly in the U.S.
“This type of crime is the cutting edge,” said Fishman . “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security.”