A Russian national admitted to plotting the largest international hacking and data-breach scheme ever prosecuted in the United States, which caused hundreds of millions of dollars in losses.
Vladimir Drinkman, 34, of Moscow, pleaded guilty Tuesday in federal court in Camden to one count each of conspiracy to commit unauthorized access to protected computers and conspiracy to commit wire fraud.
Authorities said the data theft conspiracy targeted major corporate networks worldwide, including retailers, financial institutions, and payment processors, and stole more than 160 million credit card numbers.
"Defendants like Vladimir Drinkman, who have the skills to break into our computer networks and the inclination to do so, pose a cutting-edge threat to our economic well-being, our privacy and our national security," New Jersey U.S. Attorney Paul J. Fishman said in a statement. "The crimes to which he admitted his guilt have a real, practical cost to our privacy and our pocketbooks."
Among the companies hit were Princeton-based Heartland Payment Systems, 7-Eleven, J.C. Penney, JetBlue, Dow Jones, Global Payment, and NASDAQ. Prosecutors said NASDAQ trading was not affected.
"This hacking ring's widespread attacks on American companies caused serious harm and more than $300 million in losses to people and businesses in the U.S.," Assistant Attorney General Leslie Caldwell said in a statement.
Drinkman and four other defendants were charged in a superseding indictment in July 2013. Prosecutors said each defendant had a specific role in the scheme.
Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, specialized in penetrating network security and gaining access to the corporate systems, prosecutors said.
The defendants stole user names and passwords, means of identification, credit and debit card numbers, and other corresponding personal identification information of cardholders, prosecutors said.
After acquiring the information, which they called "dumps," the defendants allegedly sold the data to trusted theft wholesalers around the world - $10 for each stolen American credit card number, $15 for a Canadian and about $50 for a European credit card number. Discounts were given to bulk and repeat customers.
The stolen data were encoded onto the magnetic strip of a blank plastic card and the user withdrew money from ATMs or made purchases with the cards, authorities said.
Prosecutors said the hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 28, of Odessa, Ukraine. The stolen information was allegedly sold by Dmitriy Smilianets, 32, of Moscow, and the proceeds distributed to the participants, prosecutors said.
Dressed in a black T-shirt and jeans, Drinkman answered a litany of questions in court during an hour-long hearing before Chief U.S. District Judge Jerome B. Simandle.
"Yes, it is my personal decision to plead guilty," Drinkman told the judge. His attorney, Florian Meidel, declined comment on what prompted the plea or whether Drinkman is cooperating with authorities. Prosecutors agreed to dismiss nine remaining charges in the indictment.
Handcuffed and shackled, Drinkman was taken from the courtroom by federal marshals and was to remain in federal custody in Philadelphia. He faces up to 35 years in prison at sentencing by Simandle on Jan. 15.
Drinkman and Smilianets were arrested in the Netherlands in June 2012. Smilianets was brought to the United States that year, while Drinkman was extradited earlier this year after a legal battle.
Drinkman and Kalinin were previously charged in New Jersey as "Hacker 1" and "Hacker 2" in a 2009 indictment charging Albert Gonzalez, 34, of Miami in connection with five corporate data breaches - including the breach of Heartland Payment Systems Inc., which at the time was the largest ever reported.
Gonzalez is serving 20 years in federal prison. Smilianets remains in federal custody. Kalinin, Kotov, and Rytikov remain at large.