Russian extradited to US for hacks that stole 160 million credit card numbers

The defendant pleads not guilty to assisting with cyberattacks on Nasdaq, Dow Jones, Heartland and other companies

A Russian man accused of high-profile cyberattacks on Nasdaq, Dow Jones, Heartland Payment Systems and 7-Eleven has been extradited to the U.S. and appeared in court in Newark, New Jersey, Tuesday.

Vladimir Drinkman, 34, of Syktyykar and Moscow, Russia, was charged for his alleged role in a data theft conspiracy that targeted major corporate networks and stole more than 160 million credit card numbers, the U.S. Department of Justice said in a press release. Drinkman was arrested in the Netherlands in June 2012 and had been detained there.

Drinkman appeared Tuesday in U.S. District Court for the District of New Jersey and entered a plea of not guilty to 11 counts he faces. His trial is scheduled to begin in April.

Drinkman was one of five people from Russia or the Ukraine indicted in July 2013 for allegedly conspiring to penetrate the computer networks of several of the largest payment processing companies, retailers and financial institutions in the world, the DOJ said.

The hackers often gained initial entry through an SQL injection attack, the DOJ said. They then placed malware into the compromised networks that gave them backdoor access. In some cases, the defendants lost access to a system due to companies' security efforts, but were allegedly able to regain it through persistent attacks.

Drinkman and his four codefendants each served specific roles in the hacking scheme, according to court documents. Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, each allegedly specialized in penetrating network security and gaining access to the corporate victims' systems. Roman Kotov, 33, of Moscow, allegedly specialized in mining the networks that Drinkman and Kalinin compromised to steal valuable data.

The hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 27, of Odessa, Ukraine. Dmitriy Smilianets, 31, of Moscow, then allegedly sold the stolen information and distributed the proceeds of the scheme to the participants, the DOJ said.

Drinkman and Kalinin were previously charged in New Jersey as Hacker 1 and Hacker 2 in a 2009 indictment charging Albert Gonzalez, 33, of Miami, in connection with five corporate data breaches, including the breach of Heartland Payment Systems, which at the time was the largest breach ever reported. Gonzalez is currently serving 20 years in federal prison.

Kalinin is also charged in two federal indictments in the Southern District of New York. One charges Kalinin in connection with hacking certain computer servers used by Nasdaq and the second charges him and another Russian hacker with an international scheme to steal bank account information from U.S. financial institutions.

Drinkman and Smilianets were arrested at the request of the DOJ while traveling in the Netherlands in June 2012. Smilianets was extradited in September 2012 and remains in federal custody. Kalinin, Kotov and Rytikov remain at large.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Department of JusticeAlexandr KalininVladimir DrinkmansecurityU.S. District Court for the District of New JerseyMikhail RytikovRoman KotovlegalDmitriy SmilianetsAlbert Gonzalezcybercrime

More about Department of JusticeDOJDow JonesIDGNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place