Photographer: Jerry Lampen/AFP via Getty Images
Russian defendant Vladimir Drinkman (left) is escorted by police officers at the courthouse in The Hague on Jan. 13.
Muscovites
Vladimir Drinkman and Dmitriy Smilianets met online in 2003, playing
Counter-Strike, a PC shooting game. Pitting terrorists against security
agents, Counter-Strike, released in 1999, has long been notorious for
the “hacks” that players could use to gain advantages by altering the
game’s code. Tweak the program one way, and you can fire weapons through
walls; another way, and your cross hairs automatically track enemies.
U.S. authorities are concerned about a different kind of hack: They’ve
charged Drinkman and Smilianets in the biggest data-breach prosecution
in U.S. history.
The federal indictment accuses the men of
stealing 160 million credit card numbers by hacking into the systems of
at least 17 companies, including foreign operations of Visa and Discover
Financial Services as well as 7-Eleven, the Hannaford Bros. grocery
chain, French grocer Carrefour, and Heartland Payment Systems, which
processes payments for hundreds of thousands of businesses. Prosecutors
allege that Drinkman penetrated corporate networks while Smilianets sold
stolen cardnumbers online, and that their hacks at just three of the companies caused losses of more than $300 million. Three other alleged co-conspirators, two from Russia and one from Ukraine, remain at large.
In the indictment, the prosecution alleges that, beginning in 2005, Drinkman and Smilianets were part of a group of hackers who collaborated through simple methods to attack companies’ websites and infiltrate their databases. The hackers disabled security programs designed to log traffic to and from the networks, rented the servers they used for attacks under false names, and communicated through a series of online aliases. On black market websites, they charged $10 per stolen U.S. card, $15 for Canadian cards, and $50 for European ones, according to the indictment. Credit card thief Albert Gonzalez, now serving two concurrent 20-year prison terms, was convicted of, among other things, participating in several of the attacks.
Smilianets,
29, has pleaded not guilty and is awaiting trial in jail in Morristown,
N.J., having agreed to be extradited shortly after his arrest in
Amsterdam. Drinkman, 34, is sitting in a Dutch prison awaiting a Jan. 27
final ruling on his extradition to the U.S., which he’s been fighting
for two and a half years. In an interview with Bloomberg Businessweek,
his first with American media, he says he’s innocent of the charges and
that he’s not the hacker the U.S. Department of Justice claims.
“ ‘Hacker’ is an elastic notion,” he says. “Now every third person is
called a hacker because he has technical skills, and not because he is
actually using them.”Smilianets’s father, Viktor, says his son is considering a plea deal but wonders about the strength of the evidence against him, as the authorities don’t possess his computer. Through a spokesman, U.S. Attorney Paul Fishman says prosecutors are “confident that we have sufficient evidence to obtain a conviction at trial,” declining to comment further.
Drinkman grew up in Syktyvkar, a small city in northern Russia, where his father managed technology supplies for a state university. The younger Drinkman studied computers and worked as a system administrator at the school but dropped out in 1998 to serve three years in the military. A couple of years later, he was playing Counter-Strike online when he met Moscow teen Smilianets, a competitor in international gaming tournaments. Smilianets graduated from college in 2006 with a specialty in information security but couldn’t find employment in his field, says his father, a lawyer.
Drinkman says he and Smilianets became drinking and fishing buddies. He says he was working as a financial consultant and wondering where his friend was getting the funds to run his gaming team but never got a direct answer. Like Smilianets, he denies that their camaraderie led to a hacking partnership. Drinkman has, however, admitted to at least some hacking. Two years ago he wrote a confession to the Russian Ministry of the Interior, saying that beginning in 2010 he helped plan and conduct intrusions at Russian banks, according to documents reviewed by Bloomberg Businessweek.
In June 2012, Smilianets and Drinkman traveled to Amsterdam with their wives on vacation. On their fourth morning there, the Drinkmans were told Smilianets had been arrested. They jumped in a cab, only to find their path barricaded by police, who took Vladimir Drinkman away in handcuffs. How did American authorities find out the duo were in the Netherlands, which has an extradition treaty with the U.S.? According to Drinkman and his Dutch lawyer, Bart Stapert, the source was vacation photos that Smilianets had posted to Facebook.
No comments:
Post a Comment