Russian Hacker Pleads Guilty to Theft of 160 Million Credit Card Numbers

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Russian national Vladimir Drinkman, 34, yesterday pled guilty to one count of conspiracy to commit authorized access of protected computers and one count of conspiracy to commit wire fraud in connection with the theft of more than 160 million credit card numbers.

Drinkman and others hacked into corporate networks, often via SQL injection attacks, and stole credit card numbers and personally identifiable information from targets including NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. Just three of the affected companies reported more than $300 million in losses.

According to the Justice Department, it's the largest such scheme ever prosecuted in the United States.

Alleged fellow hacker Alexandr Kalinin, 28, remains at large, as do Roman Kotov, 34, who allegedly mined the breached networks for data, and Mikhail Rytikov, 28, who allegedly provided the group with anonymous Web hosting services. Dmitry Smilianets, 32, who allegedly sold the stolen credit card numbers for $10 to $50 each, was extradited to the U.S. on September 7, 2012.

Drinkman was also charged as "Hacker 1" in a 2009 indictment charging Albert Gonzalez in connection with five corporate data breaches, including the Heartland Payment Systems breach.

"Defendants like Vladimir Drinkman, who have the skills to break into our computer networks and the inclination to do so, pose a cutting edge threat to our economic well-being, our privacy and our national security," said U.S. Attorney Paul J. Fishman said in a statement.

"The crimes to which he admitted his guilt have a real, practical cost to our privacy and our pocketbooks," Fishman added. "Today’s guilty plea is a tribute to the skill and perseverance of the agents and prosecutors who brought him to justice."

Drinkman was arrested in the Netherlands on June 28, 2012, and was extradited to the U.S. on February 17, 2015. He's scheduled to be sentenced on January 15, 2016. While he faces up to 30 years in prison, his plea agreement notes that he may get a lesser term due to his "recognition and affirmative acceptance of personal responsibility," Reuters reports.

"As demonstrated by today's conviction, our close cooperation with our international partners makes it more likely every day that we will find and bring to justice cyber criminals who attack America -- wherever in the world they may be," Assistant Attorney General Leslie R. Caldwell said in a statement. "As law enforcement around the world responds to the cyber threat that affects us all, I am confident that this type of international cooperation that led to this result will be the new normal."