The numbers were staggering by any measure.
More than 160 million credit card numbers were stolen. According to federal prosecutors, the losses were in excess of $311 million. And at least 17 large financial institutions, retailers and other entities that processed credit card transactions were hacked in an audacious and complex operation that operated under the radar for years out of Russia.
On Wednesday, two of those responsible for what has been called the biggest hacking scheme ever prosecuted in the U.S. were sentenced by U.S. District Judge Jerome Simandle in Camden for their roles in the far-flung enterprise.
Vladimir Drinkman, 37, of Syktyvkar, Russia, who was arrested in the Netherlands in 2012 but fought extradition for more than three years before he was brought to New Jersey to face criminal charges, was sentenced to 12 years in prison. He pleaded guilty to one count of conspiracy to commit unauthorized access of protected computers and one count of conspiracy to commit wire fraud.
Dmitriy Smilianets, 34, of Moscow, who has been in federal custody since June 2012, after he was also arrested in Amsterdam while vacationing and did not fight his extradition to New Jersey, was sentenced to the time he has already served. He had pleaded guilty to conspiracy to commit wire fraud in a manner affecting a financial institution.
“These defendants operated at the highest levels of illegal hacking and trafficking of stolen identities,” said Acting U.S. Attorney William E. Fitzpatrick in a statement. “They used their sophisticated computer skills to infiltrate computer networks, steal information and sell it for a profit.”
The two were among a major hacking ring that included four Russians and one individual from Ukraine who was charged with penetrating the computer networks of some of the world’s largest corporations, along with America’s largest electronic stock market, over a seven-year period.
Among the victims were Dow Jones, NASDAQ, J.C. Penney, JetBlue, 7-Eleven and Princeton-based Heartland Payment Systems, prosecutors said.
According to the U.S. Attorney’s office, the ring uploaded malware into corporate computer systems, and then used those programs to gradually obtain the information they sold in “dumps” to resellers around the world. The resellers served as middlemen, offering the data to others who used the information to encode the magnetic strip of a blank credit cards and using those fraudulent cards to withdraw money from ATMs or to buy things.
“This is an extraordinary crime. By several measures, this hacking scheme was without precedent–the volume of material stolen; the damage caused; the number of major corporate victims exceed that of any other hacking case charged in the United States,” wrote assistant U.S. attorneys Justin Herring and Andrew Pak, in sentencing memos to the court before Wednesday’s hearing that were obtained by NJ Advance Media.
According to the court filing, the scheme more than tripled the…