A Russian national appeared in Newark federal court today after being extradited from the Netherlands to face charges that he conspired in the largest international hacking and data breach scheme ever prosecuted in the United States, New Jersey U.S. Attorney Paul J. Fishman, U.S. Secret Service Acting Director Joseph P. Clancy and Assistant Attorney General Leslie Caldwell and announced.
Vladimir Drinkman, 34, of Syktyykar and Moscow, Russia, was arrested in the Netherlands on June 28, 2012, and charged in a scheme that targeted major corporate networks, stole more than 160 million credit card numbers, and resulted in hundreds of millions of dollars in losses. He had been detained by the Dutch authorities pending the resolution of the extradition proceedings.
He appeared today before U.S. Magistrate Judge James B. Clark III, entered a plea of not guilty to all 11 counts charged in the indictment and was ordered detained. Trial before U.S. district Judge Jerome B. Simandle is scheduled for April 27, 2015.
Drinkman and four co-defendants allegedly sought corporate victims engaged in financial transactions, retailers that received and transmitted financial data and other institutions with information they could exploit for profit. The defendants are charged with attacks on NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. It is not alleged that the NASDAQ hack affected its trading platform.
The five defendants each served particular roles in the scheme. Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, each specialized in penetrating network security and gaining access to the corporate victims’ systems. Roman Kotov, 33, of Moscow, also a hacker, specialized in mining the networks Drinkman and Kalinin compromised to steal valuable data. The hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 27, of Odessa, Ukraine. Dmitriy Smilianets, 31, of Moscow, sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants.
Drinkman and Kalinin were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 indictment charging Albert Gonzalez, 33, of Miami, in connection with five corporate data breaches – including the breach of Heartland Payment Systems Inc., which at the time was the largest ever reported. Gonzalez is currently serving 20 years in federal prison for those offenses. Kalinin is also charged in two federal indictments in the Southern District of New York: One charges Kalinin in connection with hacking certain computer servers used by NASDAQ and the second indictment charges him and another Russian hacker, Nikolay Nasenkov, with an international scheme to steal bank account information from U.S.-based financial institutions. Rytikov was previously charged in the Eastern District of Virginia with an unrelated scheme.
Drinkman and Smilianets were arrested at the request of the United States while traveling in the Netherlands on June 28, 2012. Smilianets was extradited Sept. 7, 2012, and remains in federal custody. Kalinin, Kotov and Rytikov remain at large. All of the defendants are Russian nationals except for Rytikov, who is a citizen of Ukraine.
As a result of the scheme, financial institutions, credit card companies and consumers suffered hundreds of millions in losses – including more than $300 million in losses reported by just three of the corporate victims – and immeasurable losses to the identity theft victims in costs associated with stolen identities and false charges.