Two Muscovites have been sentenced to years in prison for their roles in the biggest data breach conspiracy ever prosecuted in the United States. Three co-conspirators are still at large.
Vladimir Drinkman, 37 and Dmitriy Smilianets, 34, had previously pleaded guilty for their roles in the conspiracy to commit wire fraud, before receiving their final sentences in a Camden, New Jersey federal court last week.
They are just two of the five conspirators who, since 2009, had systematically targeted major corporate networks, compromising 160 million credit card numbers and inflicting hundreds of millions of dollars in losses.
The fraudsters compromised the computer networks of some of the biggest players in various major industries, such as NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.
Financial statements by just three of these organizations revealed damages upwards of $300 million because of the breaches, according to justice.gov.
Drinkman and Alexandr Kalinin, 31, specialized in penetrating network security and gaining access to corporate systems, while Roman Kotov, 36, (along with Drinkman) then mined the networks to steal credit card data. Mikhail Rytikov, 30, hid these activities using anonymous web-hosting services – acting as the others’ personal ISP (internet service provider). Rytikov also made it possible for the party to monetize the heists by selling the stolen information on the underground web.
Leveraging known vulnerabilities in the Structured Query Language (SQL) employed by some databases, the perps used injection attacks to deploy malware and create a back door they could later use to exfiltrate data. When their efforts were hampered by security systems, they would employ “persistent attacks,” otherwise known as advanced persistent threats, or APTs.
They used end-to-end encrypted messaging services to discuss their operations, and sometimes met in person, fearing authorities were onto them, court documents say.
“Instant message chats obtained by law enforcement revealed the defendants often targeted the victim companies for many months, waiting patiently as their efforts to bypass security were underway,” according to the justice.gov report. “The defendants had malware implanted in multiple companies’ servers for more than a year.
“To protect against detection by the victim companies, the defendants altered the settings on victim company networks to disable security mechanisms from logging their actions. The defendants also worked to evade existing protections by security software,” the report adds.
For their actions, Drinkman and Smilianets were sentenced to 12 and 4.5 years, respectively, behind bars, plus three years of supervised release. The others in the party – Kalinin, Kotov and Rytikov – are still fugitives.