Man goes on trial over hacking of 160 million credit card numbers

Russian (29) pleads not guilty in largest ever such cybercrime case in US which cost firms $300m

Dmitriy Smilianets (29), from Moscow, has pleaded not guilty to charges related to the hacking of some 160 million credit cards. Photograph: Pawel Kopczynski/Reuters
Dmitriy Smilianets (29), from Moscow, has pleaded not guilty to charges related to the hacking of some 160 million credit cards. Photograph: Pawel Kopczynski/Reuters

A Russian man accused of being part of the largest cybercrime ring ever prosecuted in the United States has pleaded not guilty to charges that could send him to prison for decades.

Dmitriy Smilianets (29), from Moscow, entered the plea during an afternoon hearing in federal court in Newark, New Jersey yesterday.

His lawyer told Reuters that he would fight the charges and that he was looking into possible irregularities with the circumstances of his arrest last year in the Netherlands.

Mr Smilianets wore an orange prison jumpsuit and stood with shackled hands and feet during the appearance with lawyer Bruce Provda before US District Judge Jerome Simandle.

READ MORE

Smilianets is accused of conspiring with a team of hackers from Russia and the Ukraine to steal more than 160 million credit card numbers in a series of breaches that cost victim companies more than $300 million.

The companies infiltrated included financial firms such as Nasdaq and Heartland Payment Systems Inc, along with other well-known names including JetBlue Airways and retailer JC Penney.

Prosecutors allege Mr Smilianets sold the stolen data after it was taken by four other members of his team, including credit card data starting at $10 for an American number and $50 for a European number.

Mr Smilianets was extradited to the United States in September 2012 and has remained in federal custody since.

In Russia, he was most widely known as the founder of a championship electronic gaming team called Moscow 5, which traveled the world for competitions. Online, his handles included Dima Brave and Dima Bold.

If convicted, he faces up to 30 years for conspiracy to commit wire fraud, another 30 years for wire fraud and five years each for gaining unauthorised access to computers and conspiracy to gain access.

Also arrested in the Netherlands was Vladimir Drinkman, who remains there fighting extradition.

Amid a general worsening of relations with Russia exacerbated by intelligence agency leaker Edward Snowden’s flight there, prosecutors last month also unsealed an indictment against another alleged member of the ring still free in that country, Alexandr Kalinin.

Authorities have been pursuing the hackers for years. Many of the breaches were previously reported, though it appeared the one involving Nasdaq OMX Group Inc was disclosed for the first time in July.

Prosecutors said each of the defendants had specialised tasks: Mr Drinkman and Alexandr Kalinin allegedly hacked into networks, while Roman Kotov (32), allegedly mined them for data.

They allegedly hid their activities using anonymous web-hosting services provided by Mikhail Rytikov (26) from Ukraine.

Mr Rytikov has not been arrested, but a lawyer acting for him, Arkady Bukh, attended Monday’s hearing. Mr Bukh said his client did not know Mr Smilianets.

According to prosecutors, the five men hid their efforts by disabling victims’ anti-virus software and storing data on multiple hacking platforms, prosecutors said. They sold payment card numbers to resellers, who then resold them on online forums or to “cashers” who encode the numbers onto blank plastic cards.

The indictment cited Albert Gonzalez as a co-conspirator. Gonzalez is already serving 20 years in prison after pleading guilty to helping mastermind one of the schemes.

Prosecutors say the defendants worked with Gonzalez before his arrest in Miami, then continued on a crime spree after his capture.

Mr Kalinin and Mr Drinkman were previously charged in New Jersey as ‘Hacker 1’ and ‘Hacker 2’ in a 2009 indictment charging Gonzalez in connection with five breaches.

The Nasdaq breach did not include the trading platform that allows Nasdaq customers to buy and sell securities, prosecutors said.

Officials with Nasdaq declined to comment.

An official briefed on that incident said the group wasn’t able to get any money from its Nasdaq access.

Other victims included Dow Jones, Wet Seal and 7-Eleven, according to prosecutors.

Dow Jones said in a statement that there was “no evidence” that information of Dow Jones or Wall Street Journal customers information was compromised as a result of the breaches.

Reuters