Russian Hacker Behind Massive Data Breach Released From U.S. Prison
Vladimir Drinkman is escorted by police officers to a hearing at The Hague in 2015. He was a key member of a criminal hacking group that penetrated Heartland Payment Systems, an attack ranked as one of the biggest data breaches of all time.
A Russian hacker who was convicted for his leading role in one of the largest data thefts in U.S. history has been released from prison after serving most of his 12-year sentence.
Vladimir Drinkman was released from a Pennsylvania jail on October 28, the U.S. Bureau of Prisons told RFE/RL.
U.S. Immigration and Customs Enforcement (ICE) did not respond to an RFE/RL request for comment on whether Drinkman had been turned over for deportation, a process that can take up to several months. Drinkman's lawyer, Igor Litvak, declined to comment. RFE/RL could not immediately reach Drinkman.
Drinkman was a key member of a criminal hacking group that penetrated major U.S. corporations, including Heartland Payment Systems, which at the time it was breached in 2008 was one of the biggest U.S. payment-processing firms. The Heartland attack -- the largest breach in history at the time -- cost the payment company more than $200 million in losses.
Varonis, a U.S.-based cybersecurity firm, ranks the attack on Heartland among the 10 largest data breaches of all time.
Chuck Brooks, a cybersecurity expert and adjunct professor at Georgetown University, said the Heartland hack was a "wake-up call" for the payments and financial industries to enhance their cyberdefenses.
He said the breach led to stronger security policies, including a better understanding by CEOs and CFOs of the threats to business sustainability and reputation.
"After the breach, many companies added more stringent data and security policies, including encryption, multifactor authentication, and monitoring of systems and networks," Brooks told RFE/RL.
Heartland also later established the Payments Processing Information Sharing Council (PPISC), which serves as a forum for banks and payment processors to share information about breaches and compliance issues, he noted.
In addition to breaking into Heartland, the hacking gang also breached Nasdaq OMX Group, 7-Eleven, JC Penney, JetBlue Airways, and others, according to prosecutors. In total, they stole the data of more than 160 million credit cards, leading to more than $300 million in damages.
Greg Hunter, a Virginia-based lawyer who has represented cybercriminals from the former Soviet Union, said the Heartland case demonstrated the sophisticated evolution of Russian-speaking hackers.
"This was the beginning of specialization," Hunter told RFE/RL. "Rather than an individual hacker spending a lot of time stealing credit card data and then trying to monetize it, you had guys specializing in breaching the security apparatus of a site, others selling the data."
The appearance of hacker forums was critical to the phenomenon of a division of labor, he said.
Hacker sites "allowed these guys to find each other and work together. A guy who breaches banks could just focus on that, knowing he could find others to either help him know what to get and how to use it, or just buy his services outright," Hunter said.
Among the most commonly used forums where hackers bought and sold stolen credit card data and traded tips were Cardplanet and Direct Connection. A Russian man, Aleksei Burkov, was extradited from Israel to the United States and later pleaded guilty in 2020 to U.S. charges related to his oversight of those forums.
He was deported to Russia last year.
According to U.S. court filings, Drinkman and another co-conspirator, Alexandr Kalinin, specialized in penetrating network security and gaining access to the corporate data systems. Drinkman along with a third man, Roman Kotov, also focused on mining the networks to steal valuable data.
Another Russian man, Dmitry Smilyanets, then sold the stolen credit card information on forums for $10 to $50 each and distributed the proceeds of the scheme to the others, according to prosecutors.
Kalinin and Kotov, both of whom are Russian citizens, are believed to still be in Russia.
Drinkman was arrested in the Netherlands in June 2012 at the request of the United States, along with Smilyanets.
While Smilyanets cooperated with U.S. authorities and arrived in the United States a few months after his arrest, Drinkman fought his extradition for more than a year.
Ultimately, Drinkman pleaded guilty in 2015 and was sentenced to 12 years in prison, including time served since his arrest. It is one of the harshest sentences given to a Russian hacker.
Drinkman served a total of 10 years and four months, or 86 percent of his sentence. U.S. federal prisoners earn credit each year for good behavior and typically serve 85 percent of their sentence.
Smilyanets was sentenced to just time served, or less than six years, and currently resides in the United States, where he works as a cyberthreat intelligence analyst.