NEWARK, N.J. — Federal authorities on Thursday unveiled charges against five men who spearheaded an international hacking and data breach scheme resulting in hundreds of millions in losses from companies including the supermarket chain Hannaford Bros., whose data was breached by the group in 2005.
“This type of crime is the cutting edge,” U.S. Attorney Paul J. Fishman said in a statement. “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security. And this case shows there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful.”
The five men each served particular roles in the scheme, authorities said. Vladimir Drinkman, 32, of Syktyvkar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each specialized in penetrating network security and gaining access to the corporate victims’ systems. Roman Kotov, 32, of Moscow, also a hacker, specialized in mining the networks Drinkman and Kalinin compromised to steal valuable data. The hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 26, of Odessa, Ukraine. Dmitriy Smilianets, 29, of Moscow, sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.
Kalinin and Drinkman were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 indictment charging Albert Gonzalez, 32, of Miami, in connection with five corporate data breaches. Gonzalez is currently serving 20 years in federal prison for those offenses.
According to the federal indictment, the five defendants conspired with others to penetrate computer networks and steal user names and passwords, credit and debit card numbers and other personal identification information. Conservatively, the conspirators are alleged to have unlawfully acquired more than 160 million card numbers through hacking.
The initial entry was often gained using a “SQL injection attack,” the authorities said. SQL, or Structured Query Language, is a type of programming language designed to manage data held in particular types of databases; the hackers allegedly identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network. Once the network was infiltrated, the defendants placed malicious code, or malware, on the system. This malware created a “back door,” leaving the system vulnerable and helping the defendants maintain access to the network. In some cases, the defendants lost access to the system due to companies’ security efforts, but were able to regain access through persistent attacks.
Instant-message chats obtained by law enforcement reveal the defendants often targeted the victim companies for many months, waiting patiently as their efforts to bypass security were under way. The defendants had malware implanted in multiple companies’ servers for more than a year.
The authorities claim the defendants used their access to the networks to install “sniffers,” which were programs designed to identify, collect and steal data from the victims’ computer networks. The defendants then used an array of computers located around the world to store the stolen data and ultimately sell it to others.
After acquiring the card numbers and associated data – which they referred to as “dumps” – the conspirators allegedly sold them to resellers around the world. The buyers then sold the dumps through online forums or directly to individuals and organizations.