Russian Hackers Plead Guilty in Massive Credit Card Scheme

Two Russian men have pleaded guilty in New Jersey after being prosecuted for conspiring to steal more than 160 million credit and debit cards, a scheme that resulted in losses of more than $300 million.

Two Russian hackers have pleaded guilty to their roles in an international hacking scheme that federal prosecutors have called the ‘largest hacking and data breach’ ever prosecuted in the U.S., Reuters reports.

The guilty plea of Moscow-based hacker Dmitriy Smilianets in a federal court in New Jersey comes a day after another hacker, Vladimir Drinkman, also a Russian national, pleaded guilty on multiple counts.

The details are as follows:

  • Dmitriy Smilianets, 32, pleaded guilty to conspiring to commit wire fraud in the global scheme.
  • Vladimir Drinkman, 34, pleaded guilty to conspiring to illegally access computers. He also pleaded guilty to the count of conspiring to commit wire fraud.

Drinkman initially pleaded ‘not guilty’ and had previously been charged for his part in the Heartland breach, a case that has infamous hacker Albert Gonzalez serving 20 years in prison. It was a feat that landed Gonzalez, aka ‘SoupNazi’, in our list of Top 10 Black Hat Hackers.

The Global Credit Card Scheme

Prosecutors claim that the two hackers began their scheme as early as 2003. Here is how their scheme resulted in the accumulation of more than 160 million stolen payment cards.

  • The hackers installed ‘sniffers’ that stole data from computer networks and systems of retailers and financial companies.
  • This was achieved through multiple SQL injection attacks, wherein the hackers identified vulnerabilities in the targeted SQL databases.
  • Once they gained access, the hackers used malware to maintain their foothold over a prolonged period of time. In some cases, the hackers gained access to corporate networks and stole information over a connection that lasted over a year.
  • The stolen credit card information was then sold in large ‘dumps’ to resellers who, in turn, sold the data to other operators.
  • These operators then encoded the stolen information onto the magnetic stripes of blank credit cards that were used to withdraw money from ATMs and to make purchases.

Altogether, the networks of sixteen companies were breached, including those of:

  • Nasdaq
  • 7-Eleven
  • JC Penney
  • JetBlue Airways
  • Visa
  • Heartland Payment Systems

Over a seven-year period, their hacking scheme extended to the largest stock market in the U.S., some of the world’s biggest corporations and the biggest payment processors.

The two Russian hackers were arrested in the Netherlands while travelling, and three other conspirators who have been charged remain at large. Both Russian nationals face up to 30 years in prison.