DOJ Charges Suspect in Largest Known Data Breach

By Sean Michael Kerner  |  Posted 2015-02-18

A Russian national appeared in federal court in connection with cyber-attacks that occurred between 2007 and 2009 and affected up to 160 million credit cards.

Justice may not always be swift, but the U.S. government has proven itself to be tenacious in tracking down alleged cyber-criminals to the ends of the Earth. The U.S. Department of Justice (DOJ) announced Feb. 17 that Russian national Vladimir Drinkman appeared in a federal court in New Jersey in connection with cyber-attacks that occurred between 2007 and 2009 and affected up to 160 million credit cards.

Drinkman has pleaded not guilty and is being detained without bail ahead of a trial scheduled for April 27, 2015. Before being extradited to the United States to stand trial, Drinkman had been in detention by authorities in the Netherlands since he was first arrested June 28, 2012.

According to the indictment, Drinkman did not act alone in his activities and there were other co-conspirators, including Alexandr Kalinin of St. Petersburg, Russia; Roman Kotov of Moscow; Mikhail Rytikov of Odessa, Ukraine; and Dmitriy Smilianets of Moscow. The Justice Department noted that Smilianets is currently in U.S. federal custody, while Kalinin, Kotov and Rytikov remain at large.

The Justice Department previously identified Drinkman and Kalinin as "Hacker 1" and "Hacker 2" in a 2009 indictment in which Albert Gonzalez was also charged. That indictment involved the corporate data breach that impacted Heartland Payment Systems, Hannaford Brothers and 7-Eleven.  

All told, the Justice Department claims that Drinkman and his co-conspirators acquired at least 160 million credit card numbers by way of various hacking activities. Those activities include SQL injection attacks against the victims, whereby the attackers were able to inject malware.

"This malware created a back door, leaving the system vulnerable and helping the defendants maintain access to the network," the U.S. Department of Justice noted in a statement. "In some cases, the defendants lost access to the system due to companies' security efforts, but were allegedly able to regain access through persistent attacks."

Though Drinkman was first identified back in 2009 as Hacker 1 in the Gonzalez indictment, it took until 2015 for the U.S. government to bring him before a federal court. That six-year gap is not uncommon, said Phil Smith, senior vice president, Government Solutions and Special Investigations, at security specialist Trustwave. The extradition process is lengthy and can be cumbersome, he added.

"Criminals will often flee to countries where extradition to the U.S. or NATO countries is lengthy or can be subverted," Smith told eWEEK. "We have even seen cases where the U.S. has pending criminal charges and requested to extradite individuals only to see them tried, convicted and jailed in a foreign country and then extradited back to their home countries to serve out their sentences."

Smith added that, in some cases he is aware of, once criminals have been returned to their home countries, the charges were thrown out and the criminals have been released. "It is very frustrating. So when you are able to get one of these individuals extradited to the U.S., it's a great victory and I applaud the efforts of the prosecutors and agents," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

