WASHINGTON — Federal authorities said Tuesday a Russian national accused of participating in the “largest international hacking and data breach scheme ever prosecuted in the United States,” including breaches at Carrefour, J.C. Penney Co. and Wet Seal, has admitted to his involvement and pleaded guilty.
Officials said Vladimir Drinkman, 34, of Moscow and Syktyykar, Russia, entered the guilty plea in U.S. District Court for the District of New Jersey for his alleged role in an alleged data theft conspiracy that targeted major corporate networks, stole more than 160 million credit card numbers and caused hundreds of millions of dollars in losses.
“This hacking ring’s widespread attacks on American companies caused serious harm and more than $300 million in losses to people and businesses in the United States,” said Assistant Attorney General Caldwell. “As demonstrated by today’s conviction, our close cooperation with our international partners makes it more likely every day that we will find and bring to justice cyber criminals who attack America — wherever in the world they may be.”
Drinkman pled guilty to one count of conspiracy to commit unauthorized access of protected computers and one count of conspiracy to commit wire fraud. He was arrested in the Netherlands in June 2012, and was extradited to the District of New Jersey in February. Sentencing is scheduled for Jan. 15.
According to documents filed in the case, an indictment and statements made in court, Drinkman and four codefendants allegedly hacked into the networks of corporations engaged in financial transactions, retailers that received and transmitted financial data and other institutions with information that “the conspirators could exploit for profit,” authorities said.
Drinkman and his codefendants are charged with attacks on Nasdaq, 7-Eleven, Carrefour, J.C. Penney, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.
According to the indictment in this case and statements made in court, the five defendants each played specific roles in the scheme. Drinkman and a co-conspirator, Alexandr Kalinin, 28, of St. Petersburg, Russia, allegedly specialized in penetrating network security and gaining access to the corporations’ systems.
Authorities said the hackers hid their activities using anonymous web-hosting services and subsequently sold the stolen information and distributed the ill-gotten gains among themselves.
The hacker ring allegedly sold the stolen credit card numbers and data to “trusted identity theft wholesalers,” authorities said. The end users then encoded the data onto the magnetic strip of blank plastic cards and cashed out by withdrawing money from ATMs or by making purchases with the cards, according to court documents and statements made in court.
As a result of the scheme, retailers, financial institutions, credit card companies and consumers lost hundreds of millions of dollars and “immeasurable losses” associated with stolen identities and false charges, authorities said. Three of the corporations alone reported losing more than $300 million.
“Defendants like Vladimir Drinkman, who have the skills to break into our computer networks and the inclination to do so, pose a cutting-edge threat to our economic well-being, our privacy and our national security,” said U.S. Attorney Paul J. Fishman. “The crimes to which he admitted his guilt have a real, practical cost to our privacy and our pocketbooks.”
A second alleged co-conspirator, Dmitriy Smilianets, 32, of Moscow was arrested and extradited to the U.S. in 2012 and remains in federal custody. The three others allegedly involved in the scheme remain at large.