US authorities have arrested five men alleged to have carried out the ‘largest ever’ hacking and data breach scheme, which targeted corporate networks at major institutions such as Dow Jones, Carrefour and Nasdaq, and stole data on 160 million credit cards, costing $300m.
The arrests were carried out by New Jersey officers in conjunction with the US Secret Service and Department of Justice, in a coordinated case against the alleged attackers. US attorney Paul Fishman cited the scale of the operation as proof cyber crime is a major threat to the economy.
“This type of crime is the cutting edge. Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security,” he said.
“This case shows there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful.”
The five men arrested were all of Russian origin and have been picked up during the past few months at the request of the US and extradited to the country. The accused had numerous roles, such as penetrating network security systems, mining data and providing anonymous web hosting for the attacks.
The authorities revealed that the gang used SQL attacks to enter the network, often waiting for many months to gain access by installing malware in their systems to create back-door entry points.
The authorities said the defendants used the access to the networks to install ‘sniffer’ programmes to identify, collect and steal data from the victims’ computer networks. The defendants used computers around the world to store the data and sell it on.
“In some cases, the defendants lost access to the system due to companies’ security efforts, but were able to regain access through persistent attacks,” the authorities added.
This helped them take data on 160 million credit cards, at a conservative estimate, which were sold for varying prices, from $10 for each stolen American credit card number and associated data, to $50 for each European credit card number and $15 for each Canadian credit card number.
The authorities said this led to losses of at least $300m for the firms targeted, although it is likely to be far higher in reality. Firms targeted included 7-Eleven, Heartland, JetBlue, Euronet, Global Payment and Diners Singapore.
The US pledged it would continue to tackle high-end cyber crime and work with authorities around the world to ensure it got its targets.
“As is evident by this indictment, the Secret Service will continue to apply innovative techniques to successfully investigate and arrest transnational cyber criminals,” said special agent James Mottola of the Newark Field Office.
“While the global nature of cyber crime continues to have a profound impact on our financial institutions, this case demonstrates the global investigative steps that US Secret Service Special Agents are taking to ensure that criminals will be pursued and prosecuted no matter where they reside.”
Including a 15-inch Intel Core-powered device weighing less than a bag of sugar
Tuomo Suntola's ALD technology extended Moore's Law, but was only adopted by chip-makers in 2007
Trump proposes a $1.3bn fine and a round of firings to un-bork ZTE
Findings could mean new optical frequencies to transmit more data along optical cables