Hackers Accused of Stealing 160 Million Credit, Debit Card Numbers

What's This?

By Lorenzo Franceschi-Bicchierai2013-07-25 20:39:01 UTC

Five hackers have been charged with attacking the computer networks of more than a dozen major corporations and stealing at least 160 million credit and debit card numbers in an operation that spanned seven years. Prosecutors called this the largest hacking and data theft case in the United States.

The group of hackers, comprised of four Russians and one Ukrainian, was formally charged in New Jersey on Thursday and accused of conspiring to penetrate the networks of large corporations like Nasdaq, Visa, 7-Eleven, JCPenney and Dow Jones, among others.

See also: Hackers Convert Verizon Device Into Mobile Spy Stations

The hackers from Russia are Vladimir Drinkman (32), Aleksandr Kalinin (26), Roman Kotov (32) and Dmitriy Smilianets (29); Mikhail Rytikov (26) hails from Ukraine. They were all charged with conspiracy to commit unauthorized computer access and wire fraud. The former can be punished with five years in prison and $250,000 in fines; the latter can be punished with 30 years in prison and $1 million in fines.

The five conspirators "operated a prolific hacking organization that was responsible for several of the largest known data breaches," the indictment (.PDF) read.

"The defendants charged today were allegedly responsible for spearheading a world-wide hacking conspiracy that victimized a wide array of consumers and entities, causing hundreds of millions of dollars in losses," said Department of Justice Acting Assistant Attorney General Mythili Raman in a press release.

Prosecutors believe the hackers' data breaches produced hundreds of millions of dollars in losses. The largest breach involved Heartland Payment Systems, which is among the world’s largest credit and debit processing companies, and cost the company $200 million.

The group of hackers also stole the credentials of the credit and debit card owners. Prosecutors believed they broke into Nasdaq and Dow Jones networks to obtain customers' logins and passwords.

The group frequently communicated via online instant messages — sometimes encrypted ones — to notify one another of successful hacks.

"Nasdaq is owned," said Kalinin told Albert Gonzalez (aka "soupnazi"), another co-conspirator convicted in 2010 to 20 years in prison, according to the indictment.

They also used Google news alerts to find out when their operations were detected.

"I get emailed news articles immediately when they come out, you should do the same, its [sic] how I find out when my hacks are found :)," Gonzalez reportedly told Kalinin.

Their conversations sometimes included jokes.

"Hannaford [one of the victimized corporations] will spend millions to upgrade their security!! lol," Gonzalez wrote to Kalining, who responded: "Haha. They would better pay us no to hack them again."

Has your credit or debit card information ever been hacked? Tell us in the comments below.

Photo by Jeff J Mitchell/Getty Images

Topics: Data Breach, hackers, hacking, U.S., US & World, World