Five indicted in massive hacking scheme

Companies reported $300 million in losses from the five-year series of attacks

Five men from Russia and Ukraine have been indicted in New Jersey on charges that they conspired in a worldwide hacking scheme that targeted major corporate networks and compromised more than 160 credit card numbers, the U.S. Department of Justice announced.

The men allegedly attacked the networks of several companies, including Nasdaq, 7-Eleven, JCP, Dow Jones and Hannaford, the DOJ said. Companies reported US$300 million in losses from the attacks, the DOJ said in a press release.

Charged in an indictment unsealed Thursday in U.S. District Court for the District of New Jersey were Vladimir Drinkman, 32, of Syktyvkar and Moscow, Russia; Alexandr Kalinin, 26, of St. Petersburg, Russia; Roman Kotov, 32, of Moscow; Mikhail Rytikov, 26, of Odessa, Ukraine; and Dmitriy Smilianets, 29, of Moscow.

Drinkman and Kalinin allegedly specialized in penetrating network security and gaining access to the corporate victims' systems, while Kotov allegedly specialized in mining the compromised networks to steal data, the DOJ said. The defendants hid their activities using anonymous Web-hosting services provided by Rytikov, while Smilianets allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.

The five compromised networks for nearly five years, between mid-2005 and mid-2012, according to court documents.

"This type of crime is the cutting edge," Paul Fishman, U.S. attorney for the District of New Jersey, said in a statement. "Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security. And this case shows, there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day."

Kalinin and Drinkman were previously charged in New Jersey as "Hacker 1" and "Hacker 2" in a 2009 indictment charging Albert Gonzalez, 32, of Miami, in connection with five corporate data breaches, including the breach of Heartland Payment Systems, which at the time was the largest breach ever reported.  Gonzalez is currently serving 20 years in federal prison for those offenses.

The U.S. Attorney's Office for the Southern District of New York on Thursday announced two additional indictments against Kalinin. One charges him in connection with hacking certain computer servers used by Nasdaq, and a second charges Kalinin and another alleged Russian hacker, Nikolay Nasenkov, with an international scheme to steal bank account information by hacking U.S.-based financial institutions.

Rytikov was previously charged in the Eastern District of Virginia with an unrelated scheme. Kotov and Smilianets have not previously been charged publicly in the U.S.

Drinkman and Smilianets were arrested at the request of the DOJ while traveling in the Netherlands on June 28, 2012.  Smilianets was extradited on Sept. 7, 2012, and remains in federal custody. Kalinin, Kotov and Rytikov remain at large.

The five defendants allegedly conspired with others to penetrate the computer networks of several of the largest payment processing companies, retailers and financial institutions, stealing the personal identifying information of individuals. They allegedly took user names and passwords, other means of identification and credit and debit card numbers, the DOJ said.

The attackers often gained initial entry into a corporate network through an SQL injection attack, the DOJ alleged. The hackers identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network. Once the network was infiltrated, the defendants allegedly placed malware on a network, creating a back door that allowed further access. In some cases, the defendants lost access to the system due to companies' security efforts, but they were able to regain access through persistent attacks.

The defendants often targeted victim companies for many months, with the DOJ saying they waited "patiently" as their efforts to bypass security were underway.

After acquiring the card numbers and related data, the conspirators allegedly sold them to resellers around the world, the DOJ alleged. The buyers then allegedly sold the so-called dumps through online forums or directly to individuals and organizations. Smilianets was allegedly in charge of sales, charging approximately $10 for each stolen U.S. credit card number and associated data, approximately $50 for each European credit card number and approximately $15 for each Canadian credit card number.

If convicted, the maximum penalties for each of the counts are: five years in prison for conspiracy to gain unauthorized access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorized access to computers; and 30 years in prison for wire fraud.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is
