NEWARK, N.J. — Russian national Vladimir Drinkman pleaded not guilty Tuesday to 11 counts of hacking-related charges associated with the largest case of international data breaching to ever be prosecuted in the United States.
Drinkman appeared in federal court before U.S. Magistrate Judge James B. Clark III after being charged with allegedly assisting in the theft of over 160 million credit cards two and a half years ago.
A press release from the United States Department of Justice claims the hackers stole at least $300 million, a figure which may increase as the investigation continues.
Major corporate targets were affected by the crime included NASDAQ, Visa, JCP, 7-Eleven, Carrefour, Hannaford, Heartland, Wet Seal, Commidea, Dexia, Dow Jones, Euronet, Global Payment, Diners Singapore, JetBlue, Jordan and Ingenicard.
Drinkman first found himself on the radar of law enforcement officials in 2009, when he and fellow Russian, Alexandr Kalinin, were charged as “Hacker 1” and “Hacker 2,” joining 33 year-old Floridian, Albert Gonzalez, in an attack on the Heartland Payment Systems. While Gonzalez is currently saddled with a 20-year federal prison sentence, Drinkman allegedly later aligned with another Russian, Dmitriy Smilianets, who is now in federal custody as well, following an arrest with Drinkman in June of 2012.
The international scheme in question today is thought to have been ongoing since 2005, involving Drinkman and four co-defendents: three Russians and one Ukranian. Kalinin, as well as Roman Kotov and Ukranian, Mikhail Rytikov, are wanted co-defendents along with Smilianets and Drinkman.
Authorities suspect Kalinin specialized in infiltrating corporate databases by injecting SQL (a type of programming code that communicates with databases), leaving computer systems vulnerable with the use of malware “back doors,” according to the DoJ.
The team allegedly waited up to a year within the companies’ networks, while Kotov installed programs, known as “sniffers,” to gather personal information and credit card data, which was stored on various computers worldwide.
Stolen data was then allegedly sold by Smilianets to trusted third-parties, who in-turn resold the information. The going rate for American credit cards was $10, while as much as $50 was charged per European credit card, the DoJ said.
The anonymity of this criminal scheme is credited to Rytikov, who supposedly covered the tracks of his four co-conspirators with encrypted web hosting. The extent of the mischievous confidence and malicious intent of these men is found in chats provided as evidence in the indictment, the DoJ said.
Though the hackers are thought to have communicated mostly in person and through encrypted channels on the web, evidence reveals that they utilized search engine triggers to notify them when law enforcement was on their trail, according to the DoJ.
“Hannaford will spend millions to upgrade their security!!”
“They would better pay us not to hack them again.”
Drinkman could face up to 70 years in federal prison, pending his trial, which is scheduled to commence on April 27, 2015.
Photo Sources: securityaffairs.co
Editorial Note: Opinions expressed here are the author's alone, not those of any bank, credit card issuer, airline or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.