Five Russians and a Ukrainian face federal criminal charges of hacking into the computers of major payment processors, retailers and financial institutions, stealing more than 160 million credit card numbers and causing hundreds of millions of dollars in losses.
It is the largest such scheme ever prosecuted in the United States, federal authorities said in unsealing indictments Thursday in Newark, N.J., and Manhattan.
Victimized firms ranged from 7-Eleven, Wet Seal and JetBlue to Visa Jordan, Diners Singapore and the Nasdaq stock market, authorities said. Three corporate victims alone lost more than $300 million, and the alleged scheme caused “immeasurable losses to the identity theft victims in costs associated with stolen identities and false charges,” authorities in New Jersey said.
“This type of crime is the cutting edge,” Paul J. Fishman, the U.S. attorney for New Jersey, said ijn a news release. “These types of frauds increase the costs of doing business for every American consumer, every day.”
Mythili Raman, acting assistant attorney general of the Justice Department’s criminal division, said: “Today’s indictment will no doubt serve as a serious warning to those who would utilize illegal and fraudulent means to steal sensitive information online.”
According to a second superseding indictment in Newark federal court and other court filings, the five men each served particular roles in the scheme.
Vladimir Drinkman, 32, of Syktyykar, Russia, and Moscow, and Alexandr Kalinin, 26, of St. Petersburg, are accused of hacking into the computer systems, while Roman Kotov, 32, of Moscow allegedly mined the compromised networks to steal valuable data.
The defendants allegedly hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 26, of Odessa, Ukraine. Dmitriy Smilianets, 29, of Moscow allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.
Authorities said Kalinin and Drinkman were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 data breach case, described at the time as the largest ever. Albert Gonzalez, 32, of Miami was sentenced to 20 years in federal prison for his role in those offenses.
The government said Drinkman and Smilianets were arrested in the Netherlands on June 28, 2012. Their attorneys could not be immediately reached for comment. Kalinin, Kotov and Rytikov remain at large.
In separate indictments unsealed in Manhattan, Kallinin and another Russian, Nikolay Nazenkov, were accused of hacking U.S. financial institutions and using stolen information to withdraw millions of dollars from victims’ accounts. U.S. Atty. Preet Bharara said the targets included Citibank, PNC Bank and Nasdaq. Nasdaq’s trading platforms were not compromised, the government said.