After what is now considered to be the largest credit and debit card fraud in history, it seems the assailants involved in the October 2010 Nasdaq Inc hacking scandal have nowhere to hide. Following the arrest and incarceration of Albert Gonzalez in Miami, two other perpetrators have been identified this week, and have pleaded guilty to their crimes.
Dmitriy Smilianets and Vladimir Drinkman, both from Russia, have admitted that they were part of the fraud which saw a historical number of private credit and debit card details being stolen across the globe. By hacking into the data files of key American enterprises including the Nasdaq, Dow Jones and 7-Eleven Inc, the team stole the details of almost 160 million different card accounts, at a cost of more than $300 million to the companies involved.
How They Did It
It is believed that Smilianets, Drinkman and their associates leased a number of computers around the world to carry out their espionage. Between 2005 and 2012 they were able to monitor the security systems of their target organisations, discovering potential ways to access private data.
Drinkman and another Russian, Roman Kotov, were responsible for mining the security system and placing malware within their targets to gain access to the required files. Smilianets was then responsible for taking the information and marketing it to potential buyers.
Smilianets and Drinkman, along with Kotov and two other accomplices placed themselves in strategic locations within Ukraine, Netherlands, Latvia and the US, where online activity would be more difficult to trace. The team were then able to use underground internet forums to target potential buyers for their assets, and net themselves a very healthy return.
Time to Face Justice
Thankfully the activity within the Nasdaq servers specifically signalled an alert to the FBI indicating the possible existence of malware within the system.
After involving the NSA and other online specific government agencies, the level of maliciousness within the programming became apparent, and a full scale investigation was launched in early 2011. Following five months of intensive work, details of the hackers’ identity started to come to light and the team were able to make their move.
The first to be arrested was Albert Gonzalez, who will serve 30 years for his crimes. And while Drinkman initially pleaded not guilty to the allegations, it is thought he has now changed his plea in return for a reduced sentence.
Aleksandr Kalinin, Roman Kotov and Mikhail Rytikov remain at large, but insiders believe it is not likely to be long before they are also detained.
A Lesson to Be Learned
While greater security has now been built around the targeted organisations, there is a lesson in this adventure for us all. To keep your data safe, make sure you are certain about who you are giving your personal details to. If there is an option to enter your details rather than let the site ‘remember’ your information, then use it. And every time you go online, ensure you use a high quality VPN service to hide IP addresses and keep your data protected.
Sadly, this crime has now set a new world record for the number of details stolen in one event, which means other criminals are going to want to beat it. And only by keeping your details secure can you make sure you are not giving them a helping hand.