The US Department of Justice today announced charges against five individuals who allegedly pulled off the largest hacking and data breach scheme in US history — a scheme that ran from 2005 through last year that resulted in 160 million stolen credit card numbers. According to the indictment, four Russian men and a fifth from the Ukraine attacked major corporations including NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. During the course of their thefts, the group allegedly recovered usernames, passwords, and other personal identification info in addition to the credit card numbers through an SQL injection attack. From there, the defendants allegedly sold the data around the world.
It sounds like this new case is an outgrowth of a 2009 indictment that sent a Miami man named Albert Gonzalez to prison for 20 years — that case was previously considered the largest data breach ever prosecuted in the US. Two of the five defendants, Vladimir Drinkman and Alexandr Kalinin, were also charged as unnamed defendants "Hacker One" and "Hacker Two" in the 2009 case. Drinkman, along with defendant Dmitriy Smilianets were arrested on United States authority in the Netherlands in June of 2012 — Smilianets has since been extradited back to the US and will soon be arraigned in New Jersey. The other three defendants remain at large. These new charges could land the accused in prison for even longer than Gonzalez — the most severe charges of wire fraud and conspiracy to commit wire fraud carry 30-year jail terms.