Russian Hackers Got 160 Million Bank Card Numbers, but That Wasn't Worst Part

Article excerpt

Russian hackers infiltrated the corporate networks of some of the largest US corporations over a seven year period, stealing more than 160 million credit card numbers and hundreds of millions of dollars, the largest such scheme ever prosecuted in the US, said federal authorities unveiling the indictments Thursday.

Targeting corporations that were specifically engaged in financial transactions, the hackers stole data that allowed them to reproduce fake cards they were able to sell or later use to withdraw money from ATM machines worldwide.

Among the 15 businesses allegedly hit by the four Russian and one Ukrainian hacker from August 2005 to July 2012: 7-Eleven, JCPenney, JetBlue, and Dow Jones. One of the Russians was also charged separately with hacking into the business-operation servers of the NASDAQ stock exchange from 2008-10 and manipulating data. But that hack did not reach the exchange's trading platform where stocks are bought and sold, authorities said.

Law enforcement officials touted the case as a significant step forward in demonstrating their ability crack a difficult cybercrime operation involving crooks who took extensive steps - including encrypted communications - to keep their identities and operations secret.

"This type of crime is the cutting edge," said Paul Fishman, US Attorney for New Jersey, announcing the indictments. "Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security."

Losses hit $300 million for companies in the US in Europe, not including losses incurred by identity-theft victims, authorities said.

Two of the hackers, Russians Vladimir Drinkman and Dmitriy Smilianets, were arrested by Dutch police at the request of the US while they were traveling in the Netherlands in 2012. Mr. Smilianets was extradited to the US. Mr. Drinkman is in custody in the Netherlands pending extradition hearing. The remaining three, Russians Roman Kotov and Alexandr Kalinin and Ukrainian Mikhail Rytikov, remain at large.

After downloading card numbers and related data, the conspirators resold the data to theft wholesalers worldwide. Smilianets charged roughly $10 for each stolen American credit card number and its data, $50 for each European credit card number and data and $15 for each Canadian credit card number and its associated data. Discount pricing was given bulk and repeat customers.

The buyers of the stolen data then encoded individual card data onto the magnetic strip of a blank plastic card and then withdrew money from ATMs or made purchases with the cards. …