Russian Hacker Admits His Role in Massive Data Breaches Targeting Corporate Networks
On Tuesday, the Department of Justice (DoJ) announced that a Russian hacker admitted his role in the largest known data breach conspiracy case to ever be prosecuted on United States soil.
34-year-old Vladimir Drinkman admitted to being a part of a “worldwide hacking and data breach scheme that targeted major corporate networks, compromised more than 160 million credit card numbers” that “resulted in hundreds of millions of dollars in losses.”
Back in February this year, Drinkman was charged for helping coordinate the attacks. The Russian pleaded guilty to one count of conspiracy to commit unauthorized access of protected computers and one count of conspiracy to commit wire fraud.
According to prosecutors, Drinkman, alongside four co-defendants, allegedly “hacked into the networks of corporate victims engaged in financial transactions, retailers that received and transmitted financial data and other institutions with information that the conspirators could exploit for profit.”
The attacks allegedly targeted the networks of major corporations including NASDAQ, 7-Eleven, JetBlue, Dow Jones, Euronet and JCPenney, among 10 others.
Leslie Caldwell, assistant attorney general, said that Drinkman’s hacking team “caused serious harm and more than $300 million in losses to people and businesses in the United States.”
“Defendants like Vladimir Drinkman, who have the skills to break into our computer networks and the inclination to do so, pose a cutting edge threat to our economic well-being, our privacy and our national security,” said Paul Fishman, New Jersey’s U.S. attorney. “The crimes to which he admitted his guilt have a real, practical cost to our privacy and our pocketbooks.”
How Drinkman and His Team Hacked the Corporate Networks
According to recent documents filed in the case and statements made in court, the five attackers allegedly penetrated the computer networks of 16 corporate victims, stealing the usernames, passwords, identification cards, credit and debit card numbers along with the personal information of the cardholders. The Russian hackers were alleged to have accumulated more than 160 million payment card numbers from their hacking.
The hacking ring gained access through a series of SQL injection attacks. By identifying injection flaws in the victims’ SQL-backed applications and databases, they were able to infiltrate the network. After gaining initial access, they planted malware on the compromised systems to secure long-term access. In some cases, the attackers lost access when companies tightened their security policies, but they were often able to regain it through persistent attacks.
Messages obtained by authorities reveal that the hackers monitored companies for months before breaking in. Once executed, the break-ins led to malware being planted on corporate servers, some of which remained in place for a year or longer.
After planting malware within the networks, they deployed sniffers to collect and exfiltrate information from the corporate networks. Authorities said the hackers stored the stolen data on several computers around the world, ultimately selling it to others.
Once the stolen payment information was in their hands, they would often sell it to resellers around the world. One seller allegedly charged around $10 for each stolen American credit card, around $50 for each European card and roughly $15 for each Canadian card.
As a result of the attacks, financial institutions and credit card companies suffered catastrophic losses, which the judge put at over $300 million.
All co-defendants remain innocent until proven guilty as the case is only in its beginning stages and these are mere accusations.
Sources:
Department of Justice