An alleged Russian hacker pleaded not guilty Tuesday to breaching the computers of 16 companies, including NASDAQ and 7-Eleven, and stealing more than 160 million credit card numbers. Vladimir Drinkman, 34, of Syktyykar and Moscow, Russia appeared in a federal court in Newark, N.J., after Dutch authorities extradited him Friday to the United States to face 11 charges in what the Justice Department called the “largest international hacking and data breach scheme ever prosecuted” in the U.S. He is being held without bail.
An indictment, unsealed in 2013, says Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, allegedly specialized in penetrating elaborate network security to gain access to the companies’ computers. They worked with other hackers to mine the data and then sell it. Drinkman’s attorneys Bart Stapert and Florian Miedel said in a statement their client would fight the charges.
“Over the coming weeks and months, he will finally be able to receive and confront what the government claims is the evidence against him,” the attorneys said. “But most of all, Mr. Drinkman seeks to return to his home in Russia as soon as possible, so his 3-year- old daughter will not grow up without knowing her father.” The cyber criminals allegedly struck J.C.Penney, Hannaford, Heartland Payment Systems, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore, French retail chain Carrefour, and Ingenicard, in addition to 7-Eleven and NASDAQ, the indictment said. The indictment accuses the hackers of stealing user names, passwords, means of identification, and credit and debit card numbers.
U.S. Attorney Paul Fishman called the hacking operation an “enormous, far-reaching scheme.” The hackers allegedly infiltrated the databases by finding vulnerabilities in the programming codes used to manage data. They then inserted malicious code, known as malware, into the system, creating a backdoor the hackers could enter at will to access and steal the data. Instant message chats obtained by federal agents show the hackers allegedly maintained access at some companies for more than a year.
To evade law enforcement, the hackers stored the data on computers around the world. They sold the data, called “dumps,” on underground online identity theft forums. The hacker tasked with selling the data stole American credit card numbers for $10 each and offered discounts for bulk purchases.