Sentencing in Largest Data Breach Prosecuted in United States

Published By
U.S. Secret Service Media Relations

Newark, New Jersey – Today, Russian hacker Vladimir Drinkman and a co-conspirator were sentenced in U.S. District Court for the 2009 Heartland Payment Systems hack resulting in more than $300 million in losses.

Drinkman, a Russian national, was sentenced to 12 years as the mastermind behind the hack of Heartland and 15 other financial payment systems. Another Russian, Dmitriy Smilianets, was sentenced to 4 years and 3 months for selling the information Drinkman obtained and distributing the proceeds to co-conspirators. A third co-conspirator, Albert Gonzalez, was sentenced to 20 years in 2010.

In 2009, following discovery of the hacking operation, an investigation by the U.S. Secret Service Criminal Investigative Division’s Cyber Intelligence Section resulted in the indictment of Albert Gonzalez and two others, later identified as Drinkman and Smilianets.

In 2012, U.S. Secret Service agents, in conjunction with Dutch law enforcement authorities, arrested Drinkman while he was on leisure travel in Western Europe. A Dutch court rejected all appeals and approved his extradition to the United States in 2015.

"This case demonstrates the investigative capabilities of the U.S. Secret Service and the collaborative efforts of our law enforcement partners, specifically the U.S. Attorney’s Office District of New Jersey, and the Dutch Ministry of Security and Justice," said Mark McKevitt, Special Agent in Charge of the U.S. Secret Service Newark Field Office. "The Secret Service will continue to develop innovative ways to protect the financial infrastructure of the United States and bring to justice cyber criminals who use emerging technologies to conduct business."

Drinkman sought to hack financial transaction corporations and retailers. He and his co-conspirators were charged with attacks on 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore, Ingenicard and NASDAQ. No evidence suggests that the NASDAQ trading platform was affected.

In most cases, initial access to these networks was gained via a "SQL injection attack," which abuses SQL, a programming language designed for databases. Drinkman and his co-conspirators were able to identify vulnerabilities to infiltrate the computer networks, where they placed malware that allowed continuous access.

Drinkman and his co-conspirators sold card numbers and associated data to resellers around the world. These buyers then sold the data in online forums or directly to individuals and organizations. Ultimately, the end users encoded the stolen information onto the magnetic strip of a blank plastic card and cashed out the value by withdrawing money from ATMs or making purchases with the cards.