Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
United States Crime Security The Courts

Five Charged In Largest Hacking Scheme Ever Prosecuted In US 84

Posted by samzenpus
from the doing-the-time dept.
wiredmikey writes "US authorities have charged four Russians and a Ukrainian five on charges of running a global hacking operation that targeted major payment processors, retailers and financial institutions. The charges stem from hacking attacks dating back to 2005 against several global brands, including the NASDAQ exchange, 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. The men allegedly used SQL injection attacks as the initial entry point into the computer systems of global corporations. Once networks were breached, the defendants allegedly placed malware on the systems. According to the indictment (PDF), the malware used created a "back door," leaving the system vulnerable and helping the defendants maintain access to the network. The men face five years in prison for conspiracy to gain unauthorized access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorized access to computers; and 30 years in prison for wire fraud."
This discussion has been archived. No new comments can be posted.

Five Charged In Largest Hacking Scheme Ever Prosecuted In US

Comments Filter:
  • "US authorities have charged four Russians and a Ukrainian five on charges of running a global hacking operation [...]

  • by PerformanceDude (1798324) on Friday July 26, 2013 @02:16AM (#44388891)
    Even though the actions of these low-life, sewer-dwelling misfits angers me, I can't help but wonder why the punishment in the US is on a scale that you wouldn't even get for premeditated murder in most other countries. Aaron Swartz payed the ultimate price for such over the top threats of deprivation of liberty.

    At what point does the punishment no longer fit the crime? Sure, confiscate all the profits, bankrupt them, take all their assets and lock them up for a couple of years. But 30-40 years? For real? Why not just send them to Mars or something? Locking them up for 5 years without access to computers would ensure that when they get out their hacking skills would be so redundant they could never do it again.

    Isn't the justice system supposed to be about a balance between punishment and reformation - not about revenge?

    • by OhANameWhatName (2688401) on Friday July 26, 2013 @02:20AM (#44388903)

      At what point does the punishment no longer fit the crime?

      When the people controlling money are making the laws.

      • Snowden Kickback? (Score:5, Insightful)

        by FriendlyLurker (50431) on Friday July 26, 2013 @03:07AM (#44389077)
        The indictment is from 2009. Two of the 5 men were arrested last year. The other three men are on the run most likely hiding out somewhere in Russia, and suddenly this is offered up as new "news" for the masses to contemplate. Could we be seeing some Snowden kickback - time to drag the words "Russia"/"Russian" through the dirt as much as possible for not handing over the US whisteblower Edward Snowden. The battle here is all about public opinion, after all - because they sure cant win against him based on morality, or even the law [guardian.co.uk].
        • by Zemran (3101)

          Why would they hide if they are in Russia? There is no option of extradition from Russia so they just get on with their lives. In reality they will wait a few years until they are forgotten and change their names to get a new passport in a new name and they will be free to travel etc. just like anyone else. The US likes to make out that it runs the world but it is only Europe and south America that can stop laughing when the US barks.

          • Maybe your right. Or maybe they have watched the US continually lower the bar for illegally kidnapping people [guardian.co.uk]... (sorry it is called "extraordinary rendition" now). If not kidnapping then you never know when politicians will cut a deal that happens to includes your head...
    • Re: (Score:2, Informative)

      by Anonymous Coward

      How much money did they _actually_ steal or cause to get stolen/lost anyway? Compare with how much MF Global stole:
      http://en.wikipedia.org/wiki/MF_Global#October_2011:_MF_Global_transfers_client_account_funds_to_its_own_account [wikipedia.org]

      On October 31, 2011, MF Global reported the shortfall in customer accounts at $891,465,650 as of close of business on Friday, October 28, 2011.[19][20] According to the trustee overseeing liquidation the shortfall may be as large as $1.6 billion.[21][22][23]

      As of August 16, 2012, criminal investigators had concluded charges against Corzine, or any other of MF Global's former executives or employees would be unlikely

      Yeah I know 160 million credit cards works out to a lot of damage depending on how you count it, but the MF Global bunch are walking despite actually taking and losing the money.

    • by Thanshin (1188877)

      What causes more economic loss to a corporation? Murder? Or attacking payment processors.

      You expect crimes to be judged by humane reasons while they are judged by economic reasons.

      You probably also believe that all people should be equal, but you live in a world that clearly disagrees and believes people are valued by their economic value (both possessions and influence in the economy).

      In some centuries, humans will have stories about the dark ages where the humans were judged by their economic value, just

    • by IamTheRealMike (537420) <mike@plan99.net> on Friday July 26, 2013 @03:02AM (#44389057) Homepage

      Yeah, that's what I thought on reading the summary too. 30 years for wire fraud?

      I read an interesting article in the Economist [economist.com] the other week. It suggested that countries where children are spanked tend to have populations that support harsher prison sentences.

      People who as children experienced the “powerlessness” of frequent spankings report a disproportionately greater interest later in life to own guns, Mr Pfeiffer says. They also demand more draconian prison sentences, including the death penalty, for convicted criminals. And they seem more prone to violence themselves. In a study of 45,000 ninth-graders Mr Pfeiffer conducted in 2007-08, those kids who had been beaten by their parents were five times as likely to commit repeated crimes or to use cannabis, and missed school four times more frequently for ten days a year or more.

      Scandinavian countries, in part inspired by the children’s books of Astrid Lindgren, the author of the popular Pippi Longstocking (pictured) series, were the first to make spanking illegal for teachers in the 1950s and 60s. Between 1979 und 1983, they also outlawed spanking by parents. Crime rates, gun ownership and prison populations have been falling since.

      By contrast, spanking is still common in large parts of America, especially in the Evangelical milieus of Southern states. This is also where crime remains relatively high, gun ownership common, and incarceration excessive. (America’s incarceration rate is between eight to ten times that of northern European countries.)

      Correlation does not imply causation and all that, but it's still an interesting theory as to why the US is so far out of step with the rest of the world on crime and punishment.

      • by Anonymous Coward

        Correlation does not imply causation and all that, but I'm still going to infer it anyway, just because I want it to fit.

        Fixed that for you.

      • by jrumney (197329)

        By contrast, spanking is still common in large parts of America, especially in the Evangelical milieus of Southern states. This is also where crime remains relatively high, gun ownership common, and incarceration excessive.

        It doesn't take much research to see that gun ownership [wikipedia.org] is common in Scandanavia too, compared with the rest of the world. So in this case, it is not even a case of correlation != causation, but of a journalist making up "facts" to sell a magazine.

      • by argStyopa (232550)

        Well, the first thing I'd point out is that "Crime rates... have been falling since." is *also* true for those barbaric Americans that "beat their children". Gun ownership and prison populations not so much. And FWIW in populations in the US that are comparable to the nearly-homogeneous Scandinavian countries crime rates are pretty much the same.

        It's funny, because my reaction to the story (before I read the comments) was that they should just give them the death penalty. This isn't "revenge" - it's util

        • by swillden (191260)

          although I've never owned a gun as I don't see the value exceeds the absolute increase in danger.

          You are aware that the old studies that purported to show that gun owners are more likely to get shot than non gun-owners have been completely and thoroughly debunked, aren't you? Your statistical likelihood of being a victim of gun violence has everything to do with your lifestyle.

          • by argStyopa (232550)

            You couldn't know it, but my calculus includes a family home with teenagers (themselves a risk group IMO) as well as one adult diagnosed and medicated as a depressive (not me).

            Simultaneously we live in a 99.3% white rural community of 1500 in an affluent county in Minnesota. Our risk factors being the target for a home break-in or armed robbery are about as low as anywhere in the US.

            While I agree with your point ceteris paribus, there is little imminent threat and strong reasons not to own one at this time

            • by swillden (191260)

              You couldn't know it, but my calculus includes a family home with teenagers (themselves a risk group IMO) as well as one adult diagnosed and medicated as a depressive (not me).

              Unfortunately, mine includes the same (teenagers plus one suicidal person). It just means that I keep my guns locked up.

              Note that I'm not criticizing your decision, and wasn't to begin with. I just wanted to make sure you weren't basing it on incorrect information.

        • for those barbaric Americans that "beat their children".

          This reminds of an incident a friend of mine had in a Wall-Mart once. His son (a toddler) went crazy and he had to put the smack down with a little corporal punishment (yeah, in Wal-Mart). An older lady witnessed the event and sprung on him with some judgmental words. He snapped back and said that if he didn't spank him now that his son would sneak up behind her in ten years in slit her throat. He asked her if that is what she wanted. End of conversation. How is this relevant or on-topic? IDK

      • by Anonymous Coward

        The largest, most powerful, most expensive government AND world empire (with military bases in some 150 countries around the world) needs to justify their lucrative business. At some point in the continuous expansion of this business, they will need to leave ethics and logic in the dust, and demand "tougher" everything. Coercive authority trumps common sense, and the power elite know this better than anyone.

        To simplify, there's more money to be made in a police state than a free state. That's really all the

      • by drinkypoo (153816)

        I read an interesting article in the Economist the other week. It suggested that countries where children are spanked tend to have populations that support harsher prison sentences.

        Sure. People stupid enough to support harsh prison sentences when it's been proven that they don't make people better people are also stupid enough to fail to understand that violence begets violence and that when you are employing violence because you are out of other options, you are a failure.

      • by Nyder (754090)

        I was spanked as a kid, I smoke weed (and done worse drugs), I've been to jail.

        Ya, I blame the spanking, not that fact that I choose to do the actions that led me to jail and smoking weed. (Sarcasm here)

        While upbringing does affect who you are, when it come down to it, you choose to do shit. No one forced me to be a druggy, no one forced me to shoplift, no one forced me to sell drugs. I choose that path. And it was a crappy path and I also choose to change it. And I did.

        I didn't need a 12 step progra

    • by sosume (680416)

      It is strange that one can be convicted for both conspiracy to commit wire fraud and for the wirefraud itself. I thought the 'conspiracy to ..' is a provision in law for when no actual crime has been commited? Otherwise you can convice everyone twice, once for conspiring, and then again for the actual thing. Conspiracy to a DUI .. and then the DUI itself. Weird line of reasoning.

      • by Anonymous Coward

        The difference between the two charges is that conspiracy is about working with others to help plot / plan / execute the wiretapping. Basically, they're charged with wiretapping, and helping others do the same.

      • by Blaisun (2763413)
        That is assuming that those charges are for the same crime. More than likely, with the laundry list of business hit, that they conspired on some, and actually performed others.....
    • by metrix007 (200091)

      Of course it is. "Hackers" and copyright infringes often get more than murders and rapists while posing far less threat to society.

      Something is seriously wrong.

    • by Kookus (653170)

      Locking them up for 5 years without access to computers would ensure that when they get out their hacking skills would be so redundant they could never do it again.

      I'm pretty sure the analogy to riding a bike applies to hacking. It might take a weekend to catch up on any syntax/language changes. SQL has been around for almost 40 years, and I'm pretty sure experts could catch up real quick if they were locked up in a box for the last 30.

  • by Anonymous Coward

    Too bad about the "ever prosecuted" qualifier or the NSA would be so eligible.

  • On the other hand (Score:5, Interesting)

    by Anonymous Coward on Friday July 26, 2013 @02:25AM (#44388939)

    The USA has a nasty habit of not submitting its own citizens to foreign laws but sanctions over Edward Snowden might result in Russia playing the same game. For some time Russia has been the cyber-criminal capital so sanctions would result in the USA shooting itself in the foot. Not that it would help these criminals; they were arrested in Holland.

  • by Anonymous Coward

    From the article: "Two of the five men -- Drinkman and Smilianets -- were arrested while traveling in the Netherlands last year and have been extradited to the U.S. to face charges. The other three remain at large."

    I suspect that they'll go to some lengths to remain at large...

  • by Anonymous Coward on Friday July 26, 2013 @02:46AM (#44389007)

    'Someone' broke into the banking system and leaked a selection of bank transactions for places like the British Virgin Islands with a story that these are tax-haven stuff, and then leaked a much larger file, many thousand times bigger direct to UK/Aus/NZ/Can full of *everyone's* bank transactions. Why aren't we hunting for these 'crooks' who broke in and stole all this financial info?

    (April 2013 Leak of bank transaction data):
    http://www.guardian.co.uk/uk/2013/apr/03/offshore-secrets-offshore-tax-haven
    IMHO this was NSA or GCHQ leaking emails and SWIFT data it intercepted, I worked on a system known as SEPA which is due to take over from SWIFT by next year and will secure Euro transactions from US surveillance. As soon as this leak happened it was just before a G7 meeting with the agenda of clamping down on tax havens. So it looked like lobbying fodder to force the outcome of that meeting and try to get access to SEPA.

    (May 2013, G7 Nations agree to fight tax havens):
    http://articles.economictimes.indiatimes.com/2013-05-11/news/39186824_1_tax-havens-transfer-pricing-rules-tax-authorities

    And the Canadian Feds (and presumably the spooks too), as a result got access to the bank data:
    http://business.financialpost.com/2013/05/10/tax-havens-probe-canada/

    I'm guessing the NSA got a feed as part of 5 eyes:

    "OTTAWA — The federal government says it will get access to relevant Canadian information stemming from a sweeping offshore tax-evasion investigation being conducted by the United Kingdom, United States and Australia."

    See how it works? Collect all the info, use it as leverage to get more, leak against opponents, put friendlies in power.

  • I noticed how they qualified that with "Prosecuted in the US" since we know that the people behind the largest hacking schemes in the US will never get prosecuted.

    • by Thanshin (1188877)

      "Kill one man, and you are a murderer. Kill millions, and you are a conqueror. Kill everybody, and you are a god." - Jean Rostand.

  • they just wanna go to Russia so they can grab snowden in the airport on there way through

  • So can someone explain to me how you can be convicted of both conspiring to do wire fraud AND for doing it? Doesn't the latter cancel out the former, or do you also get convicted of conspiracy to attempt a murder, attempted murder AND murder when you kill someone?
    • by Tyr07 (2300912)

      Conspiring can happen without doing wire fraud, you get charged for that.
      Wire fraud itself, could happen without you conspiring with other people, therefore, is just wire fraud.

      Plus they want to put as many charges on you as possible, and see which ones they're able to stick based on evidence.

      • Reminds me of how people try to fix problems at work, a flurry of trying shit in the hopes that something fixes the problem. Logic and facts be damned.

    • So can someone explain to me how you can be convicted of both conspiring to do wire fraud AND for doing it? Doesn't the latter cancel out the former, or do you also get convicted of conspiracy to attempt a murder, attempted murder AND murder when you kill someone?

      Conspire to murder person A, attempt to murder person B and actually murder person C. Someone else can take the wire fraud analogy.

  • The nerve! (Score:4, Interesting)

    by Anonymous Coward on Friday July 26, 2013 @03:09AM (#44389081)

    How DARE they steal all that money before the bankers could steal it!

    Hacking is irrevelant when the global economy went to shit. And the people who did THAT will never see the inside of a jail cell.

    And now we spent even more finding these 'hackers'.

    We are not smart...

  • by Anonymous Coward

    This is going to be the foreign criminals that gonzalez was referencing when he filed his habeas corpus petition a bit back (http://www.bankinfosecurity.com/gonzalez-seeks-guilty-plea-withdrawal-a-3527). He's an unindicted co-conspirator in the indictment, and there is some overlap in the crimes for instance the heartland hacks.

  • It's not about the money, it's about sending a message: Do not compete with the government. ;)

  • by Anonymous Coward

    "Molesting a dead horse."

  • If I pour crude oil into the ocean, destroy the livelyhoods of fishing communities and kill a few of people on an oil platform in a gas fire (and destroy some evidence), I'll get a couple of hundred $k fine. If I buy a gun and go out and shoot the same number of people (and survive the manhunt) I'll get the rest of my life being a jailhouse bitch. Now, I wonder which I would choose?? Haliburton, do you have any vacancies???
    • by mjwalshe (1680392)
      or if your the state oil company you say "sovereign immunity - screw you gringo" which is what happened when the Mexican state oil co leaked even more oil than BP did.
  • Prepared statements have many advantages ranging from cleaner code to the huge security benefits. Why aren't these guys using them? Or is it more insidious in that the library that these guys are using for prepared statements has some kind of hole? I wish that a NTSB type group would examine these larger data breaches and produce a public report.

    For example. I somewhat sanitize the input from users. But I do rely on prepared statements to make SQL injection impossible. Thus if library X.3 is somehow susc
    • Given the wide range of companies targeted by this group, I'm inclined to believe that there was some bit of underlying software they all used that had a vulnerability for the hackers to exploit. Otherwise I'm not sure I believe that 5 hackers alone managed to compromise diverse systems developed independently from each other; finding SQL injection vulnerabilities is like probing for weak spots in armor, it's a very time consuming process that can't be automated (decently) and often ends in failure despite

  • by Joe_Dragon (2206452) on Friday July 26, 2013 @07:14AM (#44389817)

    Why hack 7-Eleven and get 30 years when you can do the easyer way of just going to one getting a gun out getting the cash and if you do go to lock it's likely to be state and less time.

    • by PPH (736903)

      Or use the Goldman Sachs ploy: Get Congress to except your chosen scheme from anti fraud, gambling and other statues. Then proceed to profit at will.

  • Here is the text in Russian language from Ukrainian news website:

    http://dumskaya.net/news/odessit-prinyal-uchastie-v-krupnejshej-hakerskoj-028307/ [dumskaya.net]

    The alleged Ukrainian hacker claims legitimate business hosting business and right violation.
  • interesting (Score:4, Insightful)

    by slashmydots (2189826) on Friday July 26, 2013 @08:17AM (#44390125)
    A monkey could write code that's not vulnerable to SQL injections. You'd almost have to try to add that vulnerability to your software these days because even my intern knows how they work and how to use stored procedures or even regex filters. So all they really did was point out companies that are completely inept when it comes to security.
    • by DRMShill (1157993)

      Totally I mean look at these companies. The way they dress down their security. They're pretty much asking for it. I think the blame is 50 50 here. Also a computer's software has a way of shutting down legitimate intrusions.

      • Yeah, it's 50% HR's fault for hiring and unqualified programmer and 50% the programmer's fault for writing it like crap.
  • If you're going to steal from millions of Americans, make sure you're a big bank if you want to get away with it.
  • ...about SQL injections [xkcd.com]

  • Given that the NSA has imposed a totalitarian surveillance state on us, why can't it stop these things from happening?
    Sadly, the point of the NSA surveillance isn't crime prevention, it's political control.

    Did the America I knew and loved ever really exist? Or were my history books just effective marketing campaigns?

  • Anyone know who the lawyers / firms are that are defending them in this action?

Chemist who falls in acid is absorbed in work.

Working...