In what the U.S Department of Justice is calling the “largest known data breach conspiracy” of all time, five European hackers gained access to and stole sensitive information from computer systems belonging to multiple high profile organizations, including NASDAQ, J.C Penny, 7-Eleven and many others.
The titanic conspiracy was silently carried out over a course of at least five years, and the men involved spoke to each other over secure, encrypted channels, reasonably fearing surveillance would uncover their dark deeds.
In a string of break-ins that U.S. Attorney Fishman called “cutting edge”, these nefarious geniuses managed to steal over 160 million credit card numbers from citizens around the world, along with other highly sensitive personal information, from institutions, companies and corporations such as J.C Penny, NASDAQ, 7-Eleven, Dow Jones, Euronet, and others.
The five linked to the case are: Vladimir Drinkman, Dmitriy Smilianets, Alexandr Kalinin, Roman Kotov and Mikhail Rytikov. While the first two have been captured and taken into custody, the latter three remain at large.
No sticklers for protecting their identity, the first four carried out their crimes through web services provided by Rytikov, who agreed not to save any records of their Internet activity.
According to court documents, the majority of the attacks commenced with SQL injections on corporate networks. From there, the perpetrators lodged malware and other malicious code designed to give them further access to company computer systems, and sensitive information contained therein.
The hackers were thorough and patient, often waiting months for their attacks to succeed. In order to evade detection, they modified and disabled security programs monitoring the systems.
The credit card information was packaged into huge information “dumps”, which were then sold on Internet forums. The hackers apparently sold the information only to “trusted identity theft wholesalers”, likely fearing the possibility of undercover investigator customers.
U.S Attorney Fishman concludes, “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security.”
But what Fishman might not realize is that the U.S government needs people with the expertise and inclination to break into computer systems in order to protect and secure them. In order to combat the so-called “black hat” hackers, people are needed with equal or greater skill, but different motives.
Such people work in information security fields, and are often known as “white hat” hackers. Their jobs are vital to the security of systems, both corporate and federal. United States Secret Service (which has jurisdiction over some types of financial fraud) Special Agent in Charge Mottola, who is perhaps a little better informed than Fisher, seems to concede in saying:
“As is evident by this indictment, the Secret Service will continue to apply innovative techniques [read: hacking skills] to successfully investigate and arrest transnational cyber criminals.”
Source: Department of Justice