Five Charged in Largest Hacking Scheme Ever Prosecuted in US

The U.S. Attorney's Office today unsealed an indictment charging four Russians and a Ukrainian with a multi-million hacking scheme that netted 160 million credit card numbers from several major American and international corporations.

The charges stem from hacking attacks dating back to 2005 against several global brands, including the NASDAQ exchange, 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.

The five men that are being indicted are Vladimir Drinkman, 32, of Syktyykar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each allegedly specialized in penetrating networks and gaining access to the corporate victims' systems.

- Roman Kotov, 32, of Moscow, allegedly specialized in mining the networks compromised by Drinkman and Kalinin to steal valuable data.

- Mikhail Rytikov, 26, of Odessa, Ukraine, allegedly offered anonymous web-hosting services for the others to hide their illegal activities.

- Dmitriy Smilianets, 29, of Moscow, allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.

Two of the five men Drinkman and Smilianets  have been captured while traveling in the Netherlands last year and they have been extradited to the United States to face charges while the other three men remain at large.  Court documents show the men took user names and passwords, identification, credit and debit card numbers that correspond to personal identification information of cardholders.

The men gained access to systems by using an SQL injection attack as their initial entry point.  Once the networks were breached, they used malware to create a back door to maintain their access to these systems.  The men also used sniffers to identify, collect, and steal data from victims and used the stolen data and sold it to others.  As their punishment, they face a five year prison sentence for conspiracy to gain unauthorized access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorized access to computers; and 30 years in prison for wire fraud.