Five people have been charged in the US for their role in a global effort to hack corporate and financial services (FS) organisations. US authorities alleged that the gang stole more than 160m credit card numbers from major banks and data from other targets such as Nasdaq, resulting in losses worth hundreds of millions for retailers and FS firms.
The hackers targeted the computer and security systems of Nasdaq, Carrefour, Dexia, Citibank, payment processors and 7-eleven, according to the ‘FT’, and were running the scam for seven years. US prosecutors are claiming this is the biggest case of hacking and data theft brought in the country’s history.
Some of the alleged gang members are already known to US authorities. Aleksandr Kalinin and Vladimir Drinkman, for instance are cited as the possible ringleaders and were held in New Jersey, US, as 'Hacker 1 and 2' in an indictment from 2009 concerning the Heartland Payment Systems data breach. Albert Gonzalez, 32, of Miami, US, is serving 20 years in jail for that hack, among others, and has been named as a co-conspirator but not charged. Kalinin is known to the New York state authorities just across the water as attorneys there unsealed two additional indictments against him for hack attacks against Nasdaq, PNC Bank and others.
US authorities laid the charges late last week and claim the men conspired in a “worldwide scheme that targeted major corporate networks”, threatening economic well-being, consumer privacy and national security, according to Paul Fishman, the US attorney in New Jersey, leading the case.
The other defendants are Roman Kotov, Dmitriy Smilianets, all Russians, and Mikhail Rytikov of Ukraine. Only two of the men, Mr Drinkman and Mr Smilianets, have so far been apprehended.
The cyber-crime gang allegedly stole 160m card numbers, and associated user names and passwords, which were then sold online to the criminal underworld at a price of $10 for an American card number with associated data; $15 for Canadian cardholders and $50 for Europeans. In a reflection of the scale of the operation, discounts were offered for bulk buyers and repeat customers.
If convicted, the gang members could face up to 30 years in prison for wire fraud. Separate charges about conspiracy to gain unauthorised access to computers carry a five-year minimum term.