A second Russian man has pleaded guilty in an American court for his role in what is thought to be the biggest data breach in the history of the US.
A day after 34-year-old Vladimir Drinkman pleaded guilty in New Jersey for helping to orchestrate the theft of 160 million credit card details, Dmitriy Smilianets, 32, admitted his involvement in the cyberattack.
The two men, along with three others, were originally indicted in 2013 and charged with “spearheading a worldwide hacking conspiracy that victimized a wide array of consumers and entities, causing hundreds of millions of dollars in losses”.
Mr Drinkman and Mr Smilianets were first apprehended in the Netherlands three years ago. The latter was extradited to the US at the time, while the former had been in the custody of Dutch authorities until February of this year.
The other three suspects in this landmark case, Alexandr Kalinin, 28; Roman Kotov, 34; and Mikhail Rytikov, 28, remain at large.
Prosecutors argue that all five suspects “conspired with others” to breach computer networks belonging to payment processing companies, retailers and financial institutions - including Nasdaq, 7-Eleven, Carrefour, JCP, Hannaford and Ingenicard.
“The hackers identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network.”
“The initial entry was often gained using a SQL (structured query language),” the Department of Justice explained earlier this year.
“The hackers identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network.”
Once in, the defendants were able circulate malware throughout the system, creating a hidden “backdoor” that allowed them to maintain ongoing access to the network.
After they had acquired credit card data - and valuable information connected to it - they went on to sell the information to individuals and organizations throughout the world.
It is alleged that for every American credit card number and associated data, the group made a $10 profit; for Canadian counterparts, it was $15; and for European alternatives, it was $50.
“This hacking ring’s widespread attacks on American companies caused serious harm and more than $300 million in losses to people and businesses in the United States,” commented Leslie R. Caldwell, assistant attorney general for the criminal division of the Department of Justice.
“As demonstrated by today’s conviction, our close cooperation with our international partners makes it more likely every day that we will find and bring to justice cybercriminals who attack America – wherever in the world they may be.”