“Five Indicted in New Jersey for Largest Known Data Breach Conspiracy”

July 25, 2013

The U.S. Department of Justice’s Office of Public Affairs on July 25, 2013 released the following:

“Hackers Targeted Major Payment Processors, Retailers and Financial Institutions Around the World

A federal indictment made public today in New Jersey charges five men with conspiring in a worldwide hacking and data breach scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses. It is the largest such scheme ever prosecuted in the United States.

The charges were announced today by U.S. Attorney Paul J. Fishman of the District of New Jersey; Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division; and Special Agent in Charge James Mottola of the U.S. Secret Service (USSS), Criminal Investigations, Newark, N.J., Division. The USSS led the investigation of the indicted conspiracy.

The defendants allegedly sought corporate victims engaged in financial transactions, retailers that received and transmitted financial data and other institutions with information they could exploit for profit. The defendants are charged with attacks on NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. It is not alleged that the NASDAQ hack affected its trading platform.

According to the second superseding indictment unsealed today in Newark federal court and other court filings, the five men each served particular roles in the scheme. Vladimir Drinkman, 32, of Syktyvkar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each allegedly specialized in penetrating network security and gaining access to the corporate victims’ systems. Roman Kotov, 32, of Moscow, allegedly specialized in mining the networks Drinkman and Kalinin compromised to steal valuable data. Court documents allege that the defendants hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 26, of Odessa, Ukraine. Dmitriy Smilianets, 29, of Moscow, allegedly sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.

“This type of crime is the cutting edge,” said U.S. Attorney Fishman. “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security. And this case shows, there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful.”

“The defendants charged today were allegedly responsible for spearheading a worldwide hacking conspiracy that victimized a wide array of consumers and entities, causing hundreds of millions of dollars in losses,” said Acting Assistant Attorney General Raman. “Despite substantial efforts by the defendants to conceal their alleged crimes, the Department and its law enforcement counterparts have cracked this extensive scheme and are seeking justice for its many victims. Today’s indictment will no doubt serve as a serious warning to those who would utilize illegal and fraudulent means to steal sensitive information online.”

“As is evident by this indictment, the Secret Service will continue to apply innovative techniques to successfully investigate and arrest transnational cyber criminals,” said USSS Special Agent in Charge Mottola. “While the global nature of cybercrime continues to have a profound impact on our financial institutions, this case demonstrates the global investigative steps that U.S. Secret Service Special Agents are taking to ensure that criminals will be pursued and prosecuted no matter where they reside.”

Kalinin and Drinkman were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 indictment charging Albert Gonzalez, 32, of Miami, in connection with five corporate data breaches – including the breach of Heartland Payment Systems Inc., which at the time was the largest breach ever reported. Gonzalez is currently serving 20 years in federal prison for those offenses. The U.S. Attorney’s Office for the Southern District of New York today announced two additional indictments against Kalinin: one charges him in connection with hacking certain computer servers used by NASDAQ and a second indictment, unsealed today, charged Kalinin and another alleged Russian hacker, Nikolay Nasenkov, with an international scheme to steal bank account information by hacking U.S.-based financial institutions. Rytikov was previously charged in the Eastern District of Virginia with an unrelated scheme. Kotov and Smilianets have not previously been charged publicly in the United States.

Drinkman and Smilianets were arrested at the request of the United States while traveling in the Netherlands on June 28, 2012. Smilianets was extradited on Sept. 7, 2012, and remains in federal custody. He will appear in New Jersey federal court to be arraigned on the superseding indictment on a date to be determined. Kalinin, Kotov and Rytikov remain at large. All of the defendants are Russian nationals except for Rytikov, who is a citizen of Ukraine.

The Attacks

According to court documents, the five defendants allegedly conspired with others to penetrate the computer networks of several of the largest payment processing companies, retailers and financial institutions in the world, stealing the personal identifying information of individuals. They allegedly took user names and passwords, means of identification, credit and debit card numbers and other corresponding personal identification information of cardholders. The conspirators are alleged to have unlawfully acquired more than 160 million card numbers through hacking.

Court documents allege that the initial entry was often gained using a “SQL injection attack.” SQL, or Structured Query Language, is a type of programing language designed to manage data held in particular types of databases; the hackers identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network. Once the network was infiltrated, the defendants allegedly placed malicious code, or malware, on the system. This malware created a “back door,” leaving the system vulnerable and helping the defendants maintain access to the network. In some cases, the defendants lost access to the system due to companies’ security efforts, but they were able to regain access through persistent attacks.

Communications obtained by law enforcement reveal the defendants often targeted the victim companies for many months, waiting patiently as their efforts to bypass security were underway. The defendants allegedly had malware implanted in multiple companies’ servers for more than a year.

The defendants are alleged to have used their access to the networks to install “sniffers,” which were programs designed to identify, collect and steal data from the victims’ computer networks. The defendants then allegedly used an array of computers located around the world to store the stolen data and ultimately sell it to others.

Selling the Data

After acquiring the card numbers and associated data – which they referred to as “dumps” – the conspirators allegedly sold it to resellers around the world. The buyers then allegedly sold the dumps through online forums or directly to individuals and organizations. Smilianets was allegedly in charge of sales, vending the data only to trusted identity theft wholesalers. According to court documents, he charged approximately $10 for each stolen American credit card number and associated data, approximately $50 for each European credit card number and associated data and approximately $15 for each Canadian credit card number and associated data – offering discounted pricing to bulk and repeat customers. Ultimately, the end users encoded each dump onto the magnetic strip of a blank plastic card and cashed out the value of the dump by either withdrawing money from ATMs or making purchases with the cards.

Covering Their Tracks

The defendants used a number of methods to conceal the scheme. Unlike traditional Internet service providers, Rytikov allegedly allowed his clients to hack with the knowledge he would never keep records of their online activities or share information with law enforcement.

Over the course of the conspiracy, the defendants allegedly communicated through private and encrypted communications channels to avoid detection. Fearing law enforcement would intercept even those communications, some of the conspirators allegedly attempted to meet in person.

To protect against detection by the victim companies, the defendants allegedly altered the settings on victim company networks to disable security mechanisms from logging their actions. The defendants also worked to evade existing protections by security software.

* * *

Court documents allege that as a result of the scheme, financial institutions, credit card companies and consumers suffered hundreds of millions in losses, including more than $300 million in losses reported by just three of the corporate victims and immeasurable losses to the identity theft victims in costs associated with stolen identities and false charges.

If convicted, the maximum penalties for the charged counts are: five years in prison for conspiracy to gain unauthorized access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorized access to computers; and 30 years in prison for wire fraud.

The charges and allegations contained in the indictment are merely accusations, and the defendants are considered innocent unless and until proven guilty.

The case was investigated by the USSS Criminal Investigations Division and the USSS Newark Division. Significant assistance was provided by the Justice Department’s Office of International Affairs and the public prosecutors with the Dutch Ministry of Security and Justice and the National High Tech Crime Unit of the Dutch National Police.

The government is represented by Erez Liebermann, Deputy Chief of the New Jersey U.S. Attorney’s Office Criminal Division, Assistant U.S. Attorney Gurbir Grewal of the Computer Hacking and Intellectual Property Section of the office’s Economic Crimes Unit and Trial Attorney James Silver of the Criminal Division’s Computer Crime and Intellectual Property Section. The U.S. Attorney’s Offices in the District of Kansas and the Northern District of Georgia provided valuable contributions in the development of the prosecution.”

————————————————————–

Douglas McNabb – McNabb Associates, P.C.’s
Federal Criminal Defense Attorneys Videos:

Federal Crimes – Be Careful

Federal Crimes – Be Proactive

Federal Crimes – Federal Indictment

Federal Crimes – Detention Hearing

————————————————————–

To find additional federal criminal news, please read Federal Criminal Defense Daily.

Douglas McNabb and other members of the U.S. law firm practice and write and/or report extensively on matters involving Federal Criminal Defense, INTERPOL Red Notice Removal, International Extradition Defense, OFAC SDN Sanctions Removal, International Criminal Court Defense, and US Seizure of Non-Resident, Foreign-Owned Assets. Because we have experience dealing with INTERPOL, our firm understands the inter-relationship that INTERPOL’s “Red Notice” brings to this equation.

The author of this blog is Douglas C. McNabb. Please feel free to contact him directly at mcnabb@mcnabbassociates.com or at one of the offices listed above.


Briton Accused of Hacking Fox, PBS Websites

June 14, 2012

ABC News on June 14, 2012 released the following:

“By SHAYA TAYEFE MOHAJER Associated Press

A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday.

A federal grand jury indicted Ryan Cleary on conspiracy and hacking charges for allegedly hacking sites for the talent competition “The X-Factor,” the site for “PBS NewsHour,” Sony Pictures and others.

The indictment filed Tuesday alleges Cleary and his co-conspirators would identify security vulnerabilities in companies’ computer systems and use them to gain unauthorized access and, often, cause mayhem.

In a separate and similar case filed against Cleary in the United Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites — all while he was still a teenager.

Cleary was taken into custody in March and remains in custody in the United Kingdom, said Laura Eimiller, FBI spokeswoman.

In one instance, the U.S. indictment alleges, Cleary conspired to steal the confidential information of people who registered to get information on auditions for the Fox talent competition “The X-Factor.”

That hack was the first to be claimed by LulzSec, an offshoot of the larger hacking group Anonymous, in tweets about its international hacking spree that began in May 2011.

Later that month, LulzSec claimed to have hacked the website of the Public Broadcasting Service, where a phony news story was posted claiming the dead rapper Tupac Shakur was alive and living in New Zealand.

The post caused a stir on the site for “PBS NewsHour,” an award-winning broadcast news show, and came after the network aired a documentary on WikiLeaks founder Julian Assange that was deemed critical. PBS’ ombudsman at the time defended the program’s treatment of Assange as “tough but proper.”

The indictment also alleges LulzSec and Cleary hacked into the computer systems of Sony Pictures Entertainment Inc. in June 2011 to steal confidential information of users who had registered on the company’s website.

Cleary faces a maximum of 25 years if convicted on all charges.

Calls and emails to Fox, Sony and “The NewsHour” seeking comment and confirmation were not immediately returned Wednesday.

An after-hours call to Cleary’s legal representative in London was not returned. It was not immediately clear who would represent him in the United States.

LulzSec also has claimed responsibility for hacking incidents not listed in Cleary’s indictment, including hacking the CIA’s public-facing website and the Atlanta chapter of an FBI partner organization called InfraGard.”



Dutch man charged with allegedly stealing Wash. credit cards

June 12, 2012

Associated Press on June 11, 2012 released the following:

“By MANUEL VALDES
Associated Press

SEATTLE (AP) — In an investigation that spanned from a Seattle restaurant to Romania, a 21-year-old Dutch national pleaded not guilty Monday to federal computer hacking charges that include the theft of at least 44,000 credit card numbers.

Federal prosecutors said David Benjamin Schrooten is a prominent figure known as “Fortezza” in the international hacking community who sold stolen credit card numbers in bulk through websites.

The 44,000 credit card numbers included in these charges come from just one sale, authorities said.

Schrooten was arrested in Romania and arrived in Seattle on Saturday. He has been charged with 14 crimes, ranging from access device fraud to identity theft, authorities said.

“People think that cyber criminals cannot be found or apprehended. Today we know that’s not true. You cannot hide in cyberspace,” said U.S. Attorney Jenny A. Durkan at a news conference. “We will find you. We will charge you. We will extradite you and we will prosecute you.”

A message left with Schrooten’s listed attorney was not immediately returned.

Seattle and federal authorities credited a local Italian restaurant owner for sparking the investigation.

Corino Bonjrada said he became alarmed after several complaints from customers of suspicious charges after dining at Modello Risorante Italiano.

Customers suspected his workers had taken their credit card information and used it, but Bonjrada found no evidence of that. He then called computer experts and eventually the police, he said.

That led police to Christopher A. Schroebel, 21, of Maryland, who they say planted spying malware in the sales systems of two Seattle businesses, two of dozens of businesses targeted. Schroebel had collected at least 4,800 credit card numbers in 2011.

“Some of my customers were saying they didn’t know if they wanted to come back,” Bonjrada said. “They were afraid.”

Schroebel was arrested in November 2011 and pleaded guilty last month to federal charges that included bank fraud. He is set to be sentenced in August.

Investigators said Schrooten worked with Schroebel in creating websites to sell the credit card numbers.

Bonjrada said some customers were charged within “10 minutes” of using their credit card at his restaurants in the amounts of $70 or $80.

Authorities said the investigation into the ring run by Schrooten is continuing.

Schrooten is scheduled back in court Aug. 20.”
