Russian Hacker Pleads Guilty to Nasdaq Breach

     NEWARK, N.J. (CN) – A key player in one of the largest, most brazen data breaches pleaded guilty to his role in a scheme that cost companies hundreds of millions of dollars, in addition to the untold losses consumers face.
     Valdimir Drinkman, a Russian citizen, pleaded guilty on Monday to committing what the U.S. government bills as the biggest data breach ever prosecuted: hacking 17 corporate networks – including at Nasdaq, 7-Evelen, JetBlue, among others – and stealing more than 160 million credit card numbers.
     Drinkman’s hacking crimes “have a real, practical cost to our privacy and our pocketbooks,” U.S. Attorney Paul Fishman said in a statement. Three of the corporations hacked reported losses of more than $300 million combined. The biggest hit was credit-card processing company Heartland Payment Systems, which reported losses of $200 million.
     From 2005 to 2012, Drinkman and four others hacked the corporate networks used for financial transactions, with Drinkman specializing in penetrating network security and then mining the networks for personal information. The hackers masked their breach via so-called “bullet-proof” anonymous web-hosting services allegedly provided by Ukrainian national Mikhail Rytikov.
     Authorities say the hackers exploited vulnerabilities in special programming language at corporate networks, infiltrated the networks, and then inserted malicious code into the systems allowing “back door” access for the data thieves.
     Dmitriy Smilianets, another Russian co-conspirator in federal custody, then sold the stolen credit card numbers. American credit cards went for $10 and Canadian cards for $15, while European credit cards fetched $50, sources said.
     According to the original indictment, the scheme involved computers in New Jersey – where Drinkman and his alleged co-conspirators supposedly operated- as well as in Pennsylvania, California, Illinois, the Netherlands, the Ukraine and Latvia. The scammers used instant messaging and codenames to communicate with each other, court documents state.
     In 2012 Drinkman was arrested along with Smilianets while the two were on vacation in the Netherlands. Earlier this year Drinkman was extradited to New Jersey. He has pleaded guilty to one count of conspiracy to commit unauthorized access of protected computers and one count of conspiracy to commit wire fraud.
     Though Drinkman initially fought the charges, he changed course when the government proffered a plea agreement in May.
     A seemingly persistent professional hacker, Drinkman first came onto the U.S. Secret Service’s radar in connection to the 2004 shutdown of an online hacking site.
     Prosecutors tied Drinkman to the online alias Scorpo in a 2009 indictment connected to the data breach of five corporate networks, what was at the time the largest data breach ever prosecuted.
     Albert Gonzalez (known online as “soupnazi”) had been a part of the earlier case.
     Though corporate network security sometimes thwarted Drinkman in this latest scam, he was able to eventually break through after constant, repeated attacks.
     In some cases, he and his cohorts allegedly left malicious code on company servers for more than a year.
     Drinkman is scheduled for sentencing in January 2016, and could face more than 30 years in prison. The investigation into the data breach is ongoing, as three of the other alleged hackers are still a large.

%d bloggers like this: