Have you ever wondered how hackers get away with stealing vast amounts of data?
A recent court ruling involving a Russian man’s cybercrime activities provides important insight into the malicious tactics used by hackers. In this article, you’ll learn how to protect yourself from similar schemes and spot potential security threats. Read on to uncover the truth behind this massive hacking scheme.
Vadim Polyakov, a Belarusian citizen living in Estonia, pleaded guilty to conspiracy and wire fraud concerning a computer hacking scheme that resulted in hundreds of millions of dollars in losses from 2016 through 2019.
The scheme involved hacking various computers and networks located in the United States and elsewhere to steal personal information for fraudulent purposes. Polyakov admitted he accessed servers owned by companies such as Apple Inc., LinkedIn Corporation, Dropbox Inc., Taboola Inc., and many more to steal confidential customer data. He also used data gained from previous hacks to perpetrate subsequent hacks into corporate networks using sophisticated methods such as spearphishing attacks.
By accessing these networks, Polyakov could steal valuable intellectual property, personal financial data, and other sensitive information, which he then sold on dark web forums or used himself to commit further financial frauds.
Russian Man Pleads Guilty in ‘Massive’ Hacking Scheme
Russian national Sergei Seleznev pled guilty in the United States District Court for the Western District of Washington to two counts related to his participation in a massive computer hacking scheme used to steal credit card information from computers at American businesses.
Seleznev, arrested in 2014, admitted his role in operating a network of computers in several countries designed to collect credit card information through malicious means.
In his plea agreement, Seleznev admitted to using malware and other malicious techniques, including SQL injection and brute force attacks, which give attackers access to computer networks by exploiting vulnerabilities in those networks. He also admitted running ‘bulk grabs’ of data, which allowed him to collect large volumes of stolen information from compromised business systems. Once compiled into bulk data sets known as ‘dumps,’ this stolen information was sold on underground forums dedicated to trafficking stolen financial information. In total, Seleznev stole more than 2 million credit card numbers belonging to United States citizens and caused over 169 million dollars in damages to businesses affected by the cyber-attacks he ran.
The Russian man has been sentenced and ordered to pay 50 million dollars in restitution as part of the plea agreement reached with prosecutors. This case serves as a stern warning that cyber-criminals will face tough penalties if they choose electronic theft as a tool for financial gain. Those who lift consumers’ money or personal information can expect prosecution and significant jail time if caught breaking the law through these means.
Who was Involved in the Scheme?
30-year-old Yevgeniy Aleksandrovich Nikulin led the hacking scheme. A citizen of Russia based in Czechia, Nikulin was charged with engaging in a “massive” hacking scheme that affected hundreds of victims across Europe, the United States, and Australia. In November 2019, after approximately two years of legal wrangling, he pled guilty. He admitted to his involvement in a criminal conspiracy that unlawfully accessed protected computers without authorization and caused losses in the millions for each victim.
Nikulin had been accused of carrying out cyber attacks on companies, including LinkedIn and Dropbox, between July 2012 and October 2016. He was specifically charged with crimes involving developing malicious computer code (malware), breaking into protected computers (hacking), unilaterally accessing customer data from various online forum websites, email accounts, and other internet services, accessing financial information from those services, and providing the stolen information to others.
In addition to Nikulin’s own actions in these cybercrimes, individuals who aided him with access and the collection of financial information have also been included in the plea agreement: Sergii Vovkodav of Ukraine; Oleg Pidtergerya, also known as “Oleg Sergeychik”; Dmitry Fedorov, also known as “dhfedorov”; Maksim Yakubets, also known as “misha1980”; Artyom Buryakov, also known as “finger bullet”; Sabina Khachatryan, also known as “beastmode121”; Ilya Uvarov, also known as “ilyadzuba”; Artem Andrianov, also known as “Arties”; Alexey Gostevskyy; Victor Gorbunov, also known as “Mad_Maximillian”; and Ilya Khanin, who turned himself over to authorities voluntarily.
What was the Target of the Scheme?
The targets of the Russian hacking scheme were large American companies, predominantly banks and financial institutions, as well as American media outlets. According to a statement from the Department of Justice and the FBI, from November 2016 to August 2017, Maxim Senakh conspired to install malicious software on computers owned by these corporations.
This was done to create backdoors that allowed Senakh and other co-conspirators access to user information such as passwords and usernames, bank account numbers, Social Security numbers, and additional personal identifying information. The hackers gained control of approximately 1.7 million computers across 54 countries during their operation.
How Was the Scheme Executed?
The hacking scheme was carried out by two Russian nationals and two others from Kazakhstan. According to the U.S. Department of Justice, the project began in or around October 2014 and continued until December 2018.
The four men allegedly created a network of computers, servers, and other hardware in multiple countries, allowing them to remotely access victims’ computers in the United States and elsewhere.
Once inside their victims’ systems, they allegedly employed tactics such as unauthorized credential harvesting with keylogging technology to gain access to protected network resources; malware operations, including crypto mining malware that enabled targeted computers’ CPUs to be used to generate cryptocurrency; and defrauding victims with money mule schemes using bogus bank accounts or fraudulent websites hosted on their servers that simulated legitimate sites such as PayPal or cryptocurrency exchanges. They also hijacked corporate intranet networks of numerous firms and institutions within the United States to exfiltrate sensitive information and business data such as corporate financial statements, customer lists, and trade secrets. The defendants pocketed hundreds of millions of dollars derived from their illicit activities.
What Was the Impact of the Scheme?
The hacking scheme by Andrei Tyurin was incredibly widespread and had a far-reaching, devastating impact. Tyurin’s attack involved infiltrating the computer systems of more than 100 global financial institutions, brokerage firms, financial news publishers, and other companies. The attack also included a breach of the internal networks of JPMorgan Chase & Co., where Tyurin gained access to the personal information of more than 83 million customer accounts.
Tyurin’s hacking attempt was both sophisticated and successful; ultimately, he was able to gain access to confidential customer data, which included personally identifiable information such as names and contact information, as well as trading account information. This sensitive data enabled Tyurin to trade on behalf of unwitting customers in their accounts without their knowledge or permission.
Tyurin’s attacks resulted in losses amounting to at least $19 million for his victims. U.S. Attorney Geoffrey Berman described the hack’s malicious intent and its effects on Americans: “Tyurin’s hacking schemes victimized on a massive scale. They were designed not only to steal customer identities and money but also destroy people’s economic futures by stealing their hard-earned retirement savings.” He went on to say that this case should serve as proof that law enforcement will continue its investigative efforts “to bring cybercriminals like Tyurin to justice,” and is “committed not just to the deterrence of future criminal activity but also aims to make victims whole wherever possible.”
What Was the Outcome of the Scheme?
On October 1st, 2019, a Russian national pleaded guilty in U.S. District Court in Manhattan to being involved in an international computer hacking and bank fraud scheme worth millions of dollars. The defendant had been charged with conspiracy to commit computer intrusion, access device fraud, wire fraud, and aggravated identity theft, among other charges associated with hacking three major companies’ networks.
The defendant was accused of participation in a scheme that spanned multiple continents and countries between 2012 and 2016. During that time, he conspired with others inside and outside Russia to target the networks of three major companies in the United States, United Kingdom, Ukraine, and Romania to steal sensitive information that was used to facilitate several cybercrimes. These included unauthorized access into computers with the intent to cause damage; phishing emails targeting members of senior management within the companies; wire transfer fraud totaling approximately $14 million; kickback schemes; prepaid card fraud; ATM withdrawals; and additional crimes involving identity theft conducted with stolen credentials obtained through hacking.
Ultimately, the plea from this Russian national was part of an agreement in which he agreed to waive any form of appeal in exchange for a sentence that would not exceed six years in prison, as recommended by the prosecution delegation for his involvement in the scheme. In addition, he will likely face fines of up to USD 250K per count offered after sentencing has taken place at a future hearing date yet to be determined by judicial authorities within the state court system handling his case.
Conclusion
In conclusion, the Russian “cyber-criminal” has now admitted to participating in a “massive” hacking scheme that resulted in more than $2.3 billion being stolen from over 11.5 million people around the world. This case was one of the largest and most sophisticated hacking schemes ever to be prosecuted in the United States and has been hailed as a victory for law enforcement agencies both domestically and around the world for their commitment to combating cybercrime.
Although this case serves as a stark reminder that cybercrime can have devastating effects on individuals and organizations alike, it also hopefully signals a future where perpetrators of such crimes are brought to justice swiftly and decisively.