Two Russian nationals were given long-term prison sentences earlier this week, having been found guilty of compromising 160 million credit card numbers leading to the loss of “hundreds of millions of dollars,” the United States Department of Justice said Thursday. Vladimir Drinkman who pleaded guilty to a conspiracy to commit wire fraud affecting a financial institution and a conspiracy to commit unauthorized access of protected computers was given 12 years in prison. Dmitriy Smilianets who admitted to the same wire fraud was sentenced to four years, three months, and 21 days in prison. The verdict was passed by New Jersey-based U.S. District Judge Jerome B. Simandle who also heard the original guilty pleas from the defendants given in September 2015.
Following their prison sentences, Smilianets will be put on a five-year probation period, whereas Drinkman was given three additional years of supervised release. The DOJ said the criminal scheme ran by the two culprits was one of the largest such operations ever prosecuted in the U.S. Now 37-year-old Drinkman and 34-year-old Smilianets were arrested in the Netherlands in late June 2012, with the latter being extradited to the U.S. in September of the same year. Drinkman was extradited in February 2015 and pleaded guilty to the charges against him shortly after. Both convicts have been described by the prosecutors as highly proficient computer users who leveraged their tech skills to illegally infiltrate various networks, steal credit card information, and sell it for profit. Besides compromising tens of millions of credit cards in such a manner, they directly contributed to the creation of a massive underground market for hacked credit card information, the DOJ said.
The defendants and three other co-conspirators who remain at large were alleged to have compromised computer networks of numerous organizations in the last decade, including 7-Eleven, NASDAQ, Euronet, Global Payment, Dow Jones, and JetBlue. Initial breaches were frequently obtained through traditional SQL injection attacks after which the attackers would leave malware that would permit them continued access to the compromised networks. Drinkman and another co-conspirator were also charged as part of a 2009 indictment which saw Miami-based Albert Gonzalez, 34, sentenced to 20 years in prison due to five data breaches including the 2008 hack of the Heartland Payment Systems which was the largest report incident of its kind at the time.