Bloomberg -- Four Russians and a Ukrainian were charged in what prosecutors called the largest hacking and data breach scheme in U.S. history.
The five conspired in a “worldwide scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses,” Paul Fishman, the U.S. attorney in New Jersey, said yesterday in a statement.
The group targeted companies that processed financial transactions and retailers that received and transmitted financial data. Attacks were made on Nasdaq OMX Group Inc., 7- Eleven Inc. and Carrefour SA, France’s biggest retailer, prosecutors said.
The five men operated “a prolific hacking organization” that “penetrated the secure computer networks of several of the largest payment-processing companies, retailers and financial institutions in the world,” according to an indictment unsealed in federal court in Newark, New Jersey. They are accused of stealing user names and passwords, personal identification information, and credit and debit card numbers.
“This type of crime is the cutting edge,” Fishman said. “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy and our national security.”
U.S. prosecutors in New York separately indicted one of the five men and another Russian in another hacking scheme that targeted 800,000 bank accounts. Two of the men are in custody.
After stealing data, known as “dumps,” the men sold it to “dumps resellers,” who then sold it through online forums or to individuals and organizations, prosecutors said.
The men encoded the data into the magnetic strips of blank plastic cards and withdrew money from automated teller machines and made credit-card purchases, the U.S. said.
“Financial institutions, credit card companies and consumers suffered hundreds of millions in losses, including losses in excess of $300 million by just three of the corporate victims, and immeasurable losses to identity-theft victims,” according to the indictment.
The men conspired with Albert Gonzalez, a Miami hacker serving 20 years in prison, according to the indictment.
Those indicted were Vladimir Drinkman, 32, of Moscow and Syktyvkar, Russia; Aleksandr Kalinin, 26, of St. Petersburg; Roman Kotov, 32, and Dmitriy Smilianets, 29, of Moscow; and Mikhail Rytikov, 26, of Odessa, Ukraine.
All five were charged with conspiracy to gain unauthorized access to computer and conspiracy to commit wire fraud. All but Rytikov were charged with wire fraud and unauthorized access to computers.
In New York, federal authorities also indicted Kalinin and accused him of hacking computers used by the Nasdaq Stock Market. From November 2008 to October 2010, Kalinin hacked servers and installed malicious software or malware, which let him and others execute commands to delete, change and steal data, according to a statement by U.S. Attorney Preet Bharara.
Kalinin also was indicted in New York with another Russian, Nikolay Nasenkov, on charges that they stole bank account information from Citigroup Inc. and PNC Financial Services Group Inc. through hacking and other techniques.
“Cyber criminals are determined to prey not only on individual bank accounts, but on the financial system itself,” Bharara said in a statement. He noted the “close and growing collaboration between the U.S. government and the private sector on issues of cyber security.”
All On Wall Street articles are archived after 7 days. REGISTER NOW for unlimited access to all recently archived articles, as well as thousands of searchable stories. Registered Members also gain access to exclusive industry white paper downloads, web seminars, blog discussions, the iPad App, CE Exams, and conference discounts. Qualified members may also choose to receive our free monthly magazine and any of our daily or weekly e-newsletters covering the latest breaking news, opinions from industry leaders, developing trends and growth strategies.