The U.S. Attorney’s Office in the District of New Jersey is expected to further discuss charges today against five hackers who allegedly stole at least 160 million credit and debit card numbers and netted more than $300 million over the course of seven years in what could be the largest cybercrime ring of all time.
The hackers, five men living in the Ukraine and Russia, allegedly broke into computer systems belonging to NASDAQ, Visa, 7-Eleven, JCPenney, Hannaford Brothers, Wet Seal, JetBlue Airways, and Dow Jones Inc. from 2005 until at least last summer, according to an indictment unsealed Thursday.
The hackers scouted their victims and identified vulnerabilities on their payment-processing systems before going on to install back doors on the companies’ computer systems. A report on the Wall Street Journal this morning claims the hackers would get a chunk of money for each card number stolen.
“Prices ranged from about $10 for each stolen American credit-card number, $50 for each European number and $15 for the Canadian variety,” the report said.
The men, Vladimir Drinkman, Aleksandr Kalinin, Roman Kotov, Mikhail Rytikov, and Dmitriy Smilianets face a series of conspiracy charges, including conspiracy to commit wire fraud, computer hacking conspiracy, unauthorized computer access, and wire fraud.
Two of the defendants are in custody – one was arrested in the Netherlands apparently – while the other three remain at large.
U.S. Attorney Paul Fishman plans to hold a press conference in Newark later today to discuss the case.
The indictment claims the men were allegedly associated with Albert Gonzalez, the famed TJX hacker who was jailed in 2010 for sealing $130 million from Heartland Payment Systems and Office Max, among other corporations.
Gonzalez, who is named as a “co-conspirator” in the scheme, stole and sold more than 170 million credit card numbers from 2005 to 2007 and is currently serving a 20-year sentence in a federal correctional institution in Milan, Mich.
A separate group of Ukrainian hackers broke into a series of banks and payment processors such as TD Ameritrade and Paypal earlier this summer. That cybercrime ring allegedly stole in excess of $15 million through money laundering and identify theft via “cashers” using prepaid debit cards.