US Attorney Paul Fishman |
US prosecutors in New York separately indicted one of the five men and another Russian in another hacking scheme that targeted 800.000 bank accounts. Two of the men are in custody.
On June 25th, 2013, Preet Bharara, the United States Attorney for the Southern District of New York, announced the unsealing of an indictment against Aleksandr Kalinin, aka “Grig,” aka “g,” aka “tempo,” for hacking certain computer servers used by the NASDAQ Stock Market. In a separate indictment also unsealed, Kalinin and another Russian hacker, Nikolay Nasenkov were charged in the same matter.
Both, Kalinin and Nasenkov remain at large.
Fishman said: "This type of crime is the cutting edge. Those who have the expertise and the inclination to break into our computer networks threaten our economic wellbeing, our privacy and our national security."
US Attorney Preet Bharara |
Preet Bharara said: “As today’s allegations make clear, cyber criminals are determined to prey not only on individual bank accounts, but on the financial system itself. But would-be cyber thieves should take note: Because of the close and growing collaboration between the U.S. government and the private sector on issues of cyber security, our ability to unmask and prosecute the anonymous perpetrators of cyber crimes - wherever they may be located - has never been stronger.”
FBI Assistant Director in Charge George Venizelos said: “As alleged, Kalinin infiltrated NASDAQ’s servers, allowing for the manipulation and theft of sensitive data. In a series of separate schemes, Kalinin and Nasenkov stole hundreds of thousands of bank account numbers, PINs, and other code to withdraw millions of dollars from victim accounts. Today, their password has expired.”
FBI (AD) George Venizelos |
The NASDAQ Hack
From November 2008 through October 2010, Kalinin hacked various computer servers used by the NASDAQ to conduct its business operations. During the courses of these hacka, Kalinin installed on certain NASDAQ servers malicious software (Malware) which permitted him and his companions to secretly access the compromised NASDAQ servers to execute commands on those servers, including commands to delete, change or steal data. (The infected servers did not include the trading platform that allows NASDAQ customers to buy and sell securities.)
The Citibank and PNC Bank Hacks
From December 2005 through November 2008, Kalinin and Nasenkov allegedly stole bank account information from financial institutions through computer hacking. Kalinin, Nasenkov, and their co-conspirators then used that account data to access the bank accounts of thousands of individual victims without authorization and without those victims’ knowledge, resulting in the theft of millions of dollars from those accounts.
The Cybercriminals then fraudulently obtained bank account numbers, customer identification numbers (a unique number embossed or printed on the front of an ATM card. See picture), card security codes (a security feature which helps authenticate an ATM card. See picture), and personal identification numbers (PINs) for victims’ accounts at financial institutions, including Citibank and PNC Bank, through computer intrusion and other hacking techniques. As part of the scheme, the defendants and their co-conspirators then encoded the stolen account data onto the magnetic strips of blank plastic ATM cards so that those ATM cards could be used to access individual victims’ bank accounts through ATMs. The ATM cards were then used, along with the stolen account PINs, to access individual victims’ accounts through ATMs located around the world, including the United States, Estonia, Canada, Great Britain, Russia, and Turkey, and to withdraw from those accounts millions of dollars.
CSC |
In January 2006, the PINs for hundreds of customer accounts were compromised as a result of a cyber attack launched against PNC Bank’s online banking website. Nasenkov allegedly supplied stolen account information, including PINs, from the compromised bank accounts to co-conspirators who, in return, used the stolen account information to encode blank ATM cards and withdraw approximately 1.3 million USD from victims’ accounts.
In 2007, Kalinin, placed malware on a computer network that processed ATM transactions for Citibank and other financial institutions. This malware recorded data passing over the network and exported it to an outside computer. Using this malicious computer code, Kalinin stole bank account information for approximately 500.000 bank accounts, including approximately 100.000 Citibank accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately 2.9 million USD from Citibank customers’ accounts.
In 2008, Nasenkov used a computer program to mount an attack against Citibank’s online banking website that resulted in the theft of account information for more than 300.000 accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately 3.6 million USD from the compromised accounts.
Kalinin, 26, of St. Petersburg, Russia, is charged with one count of computer hacking in connection with the NASDAQ hack, which carries a maximum sentence of 10 years in prison. In connection with the scheme to steal bank account information, Kalinin is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; 4 counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of 5 years in prison. All in all Kalinin could be sentenced to 174 years and a half in prison.
NASENKOV, 31, of St. Petersburg, Russia, is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; 4 counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of computer intrusion to obtain information, which carries a maximum sentence of five years in prison; one count of computer intrusion to further fraud, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of five years in prison. All in all Nasenkov could be sentenced to 219 years and a half in prison.
Albert Gonzalez |
Other defendants from the Hacker-Ring (also known as the "Moscow-Five") charged are:
- Roman Kotov, 32, of Moscow
- Vladimir Drinkman, 32, of Moscow
- Dmitriy Smilianets, 29, of Moscow
- Mikhail Rytikov, 26, of Odessa, Ukraine
Keine Kommentare:
Kommentar veröffentlichen