The group was made up of five hackers, two of whom focused on breaking into corporate networks, one who analyzed stolen data, one managed sales and the fifth focused on covering tracks. Russian hackers Vladimir Drinkman and Dmitriy Smilianets were arrested in 2012 while traveling in the Netherlands at the request of the US. The other three, Russians Roman Kotov and Alexandr Kalinin and Ukrainian Mikhail Rytikov, are still at large.
The hackers stole more than 160 million credit card numbers and account data in a series of attacks that began in 2005 and targeted more than a dozen corporate computer networks, leading to more than $300 million in losses.
The companies hacked include Dow Jones, Citiback, PNC financial, JetBlue, J.C. Penny, 7-Eleven and other large credit card processing companies. NASDAQ was also hacked but was not compromised. It is unclear what the goal of infiltrating the exchange was.
The World Federation of Exchanges reported this month that 53 percent of its member exchanges reported that they had endured a cyber attack in the last year.
The hackers planted malware and created programs that would guess passwords repeatedly until gaining access. On a single day in 2008 they got access to 300,000 Citibank accounts using the password guessing technique.
With the stolen data they made and sold fake cards that were used to withdraw money from ATM machines. The price for an American card number and relevant data was $10, a European card was $50 and a Canadian card was $15.
Kalinin faces nine charges carrying a combined maximum sentence of 204 years in prison. He faces additional charges for a 2008-2010 scheme where he hacked into NASDAQ servers. Kalinin and hacker Nikolay Nasenkov stole millions of dollars from more than 800,000 Citibank and PNC accounts. Nasenkov faces 10 charges with combined maximum sentences of 194 years.
