Russian extradited to US for hacks that stole 160 million credit card numbers

Russian extradited to US for hacks that stole 160 million credit card numbers

The defendant pleads not guilty to assisting with cyberattacks on Nasdaq, Dow Jones, Heartland and other companies

A Russian man accused of high-profile cyberattacks on Nasdaq, Dow Jones, Heartland Payment Systems and 7-Eleven has been extradited to the U.S. and appeared in court in Newark, New Jersey, Tuesday.

Vladimir Drinkman, 34, of Syktyykar and Moscow, Russia, was charged for his alleged role in a data theft conspiracy that targeted major corporate networks and stole more than 160 million credit card numbers, the U.S. Department of Justice said in a press release. Drinkman was arrested in the Netherlands in June 2012 and had been detained there.

Drinkman appeared Tuesday in U.S. District Court for the District of New Jersey and entered a plea of not guilty to 11 counts he faces. His trial is scheduled to begin in April.

Drinkman was one of five people from Russia or the Ukraine indicted in July 2013 for allegedly conspiring to penetrate the computer networks of several of the largest payment processing companies, retailers and financial institutions in the world, the DOJ said.

The hackers often gained initial entry through an SQL injection attack, the DOJ said. They then placed malware into the compromised networks that gave them backdoor access. In some cases, the defendants lost access to a system due to companies' security efforts, but were allegedly able to regain it through persistent attacks.

Drinkman and his four codefendants each served specific roles in the hacking scheme, according to court documents. Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, each allegedly specialized in penetrating network security and gaining access to the corporate victims' systems. Roman Kotov, 33, of Moscow, allegedly specialized in mining the networks that Drinkman and Kalinin compromised to steal valuable data.

The hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 27, of Odessa, Ukraine. Dmitriy Smilianets, 31, of Moscow, then allegedly sold the stolen information and distributed the proceeds of the scheme to the participants, the DOJ said.

Drinkman and Kalinin were previously charged in New Jersey as Hacker 1 and Hacker 2 in a 2009 indictment charging Albert Gonzalez, 33, of Miami, in connection with five corporate data breaches, including the breach of Heartland Payment Systems, which at the time was the largest breach ever reported. Gonzalez is currently serving 20 years in federal prison.

Kalinin is also charged in two federal indictments in the Southern District of New York. One charges Kalinin in connection with hacking certain computer servers used by Nasdaq and the second charges him and another Russian hacker with an international scheme to steal bank account information from U.S. financial institutions.

Drinkman and Smilianets were arrested at the request of the DOJ while traveling in the Netherlands in June 2012. Smilianets was extradited in September 2012 and remains in federal custody. Kalinin, Kotov and Rytikov remain at large.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags U.S. Department of JusticeAlexandr KalininVladimir DrinkmansecurityU.S. District Court for the District of New JerseyMikhail RytikovRoman KotovlegalDmitriy SmilianetsAlbert Gonzalezcybercrime


Show Comments