Dark Reading is part of the Informa Tech Division of Informa PLC



2/18/2015
05:00 PM

Russian Hacker Who Hit Heartland, NASDAQ, Extradited To US

Vladimir Drinkman, cohort of Albert Gonzalez, appears before US federal court after arrest and extradition by Dutch authorities.

A man alleged to be the network penetration specialist for the "largest international hacking and data breach scheme ever prosecuted in the US" appeared in federal court in Newark, N.J. Tuesday.

Pursuing Russian nationals on cybercrime charges is often difficult, because Russia rarely extradites its citizens. However, Vladimir Drinkman, 34, of Syktyvkar and Moscow, was extradited to the United States by Dutch authorities, who had detained Drinkman since arresting him in June 2012 while he was traveling in the Netherlands.

Drinkman pleaded "not guilty" to all 11 charges. He will be held without bail until his trial, scheduled for April 27. 

In a federal indictment unsealed in July 2013, Drinkman and four others were charged with attacks on NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. Court documents assert that the attackers stole identity information and more than 160 million credit card numbers, causing hundreds of millions of dollars in losses.

Drinkman "specialized in penetrating network security and gaining access to the corporate victims’ systems," usually via SQL injection exploits, according to the Department of Justice.

Drinkman was also charged in 2009 for his role in five other breaches, including the one at Heartland Payment Systems. He was charged as "Hacker 1," alongside Alexandr Kalinin, 26, of St. Petersburg, Russia (charged as "Hacker 2") and Albert Gonzalez of Miami.

Kalinin is still at large. Gonzalez is in federal prison, serving a 20-year sentence after being convicted in 2010 for his role in the TJX breach.

"Hackers often take advantage of international borders and differences in legal systems, hoping to evade extradition to face justice," said Assistant Attorney General Leslie R. Caldwell of the Justice Department's Criminal Division, in a statement. "This case and today's extradition demonstrates that through international cooperation, and through great teamwork between the Department of Justice and the Department of Homeland Security, we are able to bring cyber thieves to justice in the United States, wherever they may commit their crimes."

"Drinkman's extradition on the indictment this office brought more than a year and a half ago shows how relentlessly we will pursue those who are charged with these serious crimes," said U.S. Attorney Paul J. Fishman of the District of New Jersey. "The incredibly sophisticated work with our partners at the U.S. Secret Service to uncover this enormous, far-reaching scheme demanded an equal effort by our colleagues at the Department of Justice Criminal Division in Washington and our law enforcement partners overseas to bring the defendant back to face these charges."

The ongoing investigation is being led by the U.S. Secret Service. The Computer Crime and Intellectual Property Section of the U.S. Department of Justice's Criminal Division is leading the prosecution. The Dutch Ministry of Security and the Dutch National Police's National High-Tech Crime unit assisted with the case.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
Marilyn Cohodas,
User Rank: Strategist
2/23/2015 | 4:52:03 PM
Re: Lucked out
Who knows, maybe the prosecution will get lucky and he'll turn evidence on his cohorts...
Whoopty,
User Rank: Ninja
2/19/2015 | 12:42:45 PM
Lucked out
Wow they lucked out that he left RU, as otherwise I couldn't ever see them getting ahold of him. 

I get the feeling this guy is in for a rough time though. They'll want to throw away the key on him to make a point. 