Slashdot Mirror
Five Charged In Largest Hacking Scheme Ever Prosecuted In US
wiredmikey writes "US authorities have charged four Russians and a Ukrainian five on charges of running a global hacking operation that targeted major payment processors, retailers and financial institutions. The charges stem from hacking attacks dating back to 2005 against several global brands, including the NASDAQ exchange, 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. The men allegedly used SQL injection attacks as the initial entry point into the computer systems of global corporations. Once networks were breached, the defendants allegedly placed malware on the systems. According to the indictment (PDF), the malware used created a "back door," leaving the system vulnerable and helping the defendants maintain access to the network. The men face five years in prison for conspiracy to gain unauthorized access to computers; 30 years in prison for conspiracy to commit wire fraud; five years in prison for unauthorized access to computers; and 30 years in prison for wire fraud."
"US authorities have charged four Russians and a Ukrainian five on charges of running a global hacking operation [...]
At what point does the punishment no longer fit the crime? Sure, confiscate all the profits, bankrupt them, take all their assets and lock them up for a couple of years. But 30-40 years? For real? Why not just send them to Mars or something? Locking them up for 5 years without access to computers would ensure that when they get out their hacking skills would be so redundant they could never do it again.
Isn't the justice system supposed to be about a balance between punishment and reformation - not about revenge?
Meus subcriptio est nocens Latin quoniam bardus populus reputo is sanus callidus
Too bad about the "ever prosecuted" qualifier or the NSA would be so eligible.
The USA has a nasty habit of not submitting its own citizens to foreign laws but sanctions over Edward Snowden might result in Russia playing the same game. For some time Russia has been the cyber-criminal capital so sanctions would result in the USA shooting itself in the foot. Not that it would help these criminals; they were arrested in Holland.
From the article: "Two of the five men -- Drinkman and Smilianets -- were arrested while traveling in the Netherlands last year and have been extradited to the U.S. to face charges. The other three remain at large."
I suspect that they'll go to some lengths to remain at large...
'Someone' broke into the banking system and leaked a selection of bank transactions for places like the British Virgin Islands with a story that these are tax-haven stuff, and then leaked a much larger file, many thousand times bigger direct to UK/Aus/NZ/Can full of *everyone's* bank transactions. Why aren't we hunting for these 'crooks' who broke in and stole all this financial info?
(April 2013 Leak of bank transaction data):
http://www.guardian.co.uk/uk/2013/apr/03/offshore-secrets-offshore-tax-haven
IMHO this was NSA or GCHQ leaking emails and SWIFT data it intercepted, I worked on a system known as SEPA which is due to take over from SWIFT by next year and will secure Euro transactions from US surveillance. As soon as this leak happened it was just before a G7 meeting with the agenda of clamping down on tax havens. So it looked like lobbying fodder to force the outcome of that meeting and try to get access to SEPA.
(May 2013, G7 Nations agree to fight tax havens):
http://articles.economictimes.indiatimes.com/2013-05-11/news/39186824_1_tax-havens-transfer-pricing-rules-tax-authorities
And the Canadian Feds (and presumably the spooks too), as a result got access to the bank data:
http://business.financialpost.com/2013/05/10/tax-havens-probe-canada/
I'm guessing the NSA got a feed as part of 5 eyes:
"OTTAWA — The federal government says it will get access to relevant Canadian information stemming from a sweeping offshore tax-evasion investigation being conducted by the United Kingdom, United States and Australia."
See how it works? Collect all the info, use it as leverage to get more, leak against opponents, put friendlies in power.
I noticed how they qualified that with "Prosecuted in the US" since we know that the people behind the largest hacking schemes in the US will never get prosecuted.
they just wanna go to Russia so they can grab snowden in the airport on there way through
So can someone explain to me how you can be convicted of both conspiring to do wire fraud AND for doing it? Doesn't the latter cancel out the former, or do you also get convicted of conspiracy to attempt a murder, attempted murder AND murder when you kill someone?
The indictment is from 2009. Two of the 5 men were arrested last year. The other three men are on the run most likely hiding out somewhere in Russia, and suddenly this is offered up as new "news" for the masses to contemplate. Could we be seeing some Snowden kickback - time to drag the words "Russia"/"Russian" through the dirt as much as possible for not handing over the US whisteblower Edward Snowden. The battle here is all about public opinion, after all - because they sure cant win against him based on morality, or even the law.
How DARE they steal all that money before the bankers could steal it!
Hacking is irrevelant when the global economy went to shit. And the people who did THAT will never see the inside of a jail cell.
And now we spent even more finding these 'hackers'.
We are not smart...
This is going to be the foreign criminals that gonzalez was referencing when he filed his habeas corpus petition a bit back (http://www.bankinfosecurity.com/gonzalez-seeks-guilty-plea-withdrawal-a-3527). He's an unindicted co-conspirator in the indictment, and there is some overlap in the crimes for instance the heartland hacks.
It's not about the money, it's about sending a message: Do not compete with the government. ;)
So now that the Famous Five are in goal, the Secret Seven better look out...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
"Molesting a dead horse."
I'm not from the US but...how can you get charged for wire fraud, AND conspiracy to commit wire fraud? Surely it's you either did it, or you planned it? I don't see how you can get punished for both.
If I pour crude oil into the ocean, destroy the livelyhoods of fishing communities and kill a few of people on an oil platform in a gas fire (and destroy some evidence), I'll get a couple of hundred $k fine. If I buy a gun and go out and shoot the same number of people (and survive the manhunt) I'll get the rest of my life being a jailhouse bitch. Now, I wonder which I would choose?? Haliburton, do you have any vacancies???
Prepared statements have many advantages ranging from cleaner code to the huge security benefits. Why aren't these guys using them? Or is it more insidious in that the library that these guys are using for prepared statements has some kind of hole? I wish that a NTSB type group would examine these larger data breaches and produce a public report.
For example. I somewhat sanitize the input from users. But I do rely on prepared statements to make SQL injection impossible. Thus if library X.3 is somehow susceptible I would love to see reports showing that company X was hacked because of library Y. Now in theory I could go out and read the billion various security forums but they tend to be a wee bit obscure. But reports of actual events of an actual hack with the suggested changes that would have prevented that hack would be really cool.
Or are these programmers just that dumb. In that case it would be nice to name and shame the developers.
I thought treason is a hanging offense? No? Or is it firing squad? Maybe Both? It should be.
Your fault for Voting Republican/Democrat.
Honestly, Being in Congress should be by lottery and forced servitude. You cant get elected, it's a lottery and compulsory.. Dave Fox of 3124 Main Street, Chester,OH... YOU are the new congressional representative of your district for the next 2 years. An armed caravan will be there momentarily to pick you up.
It is the only way to keep it honest. Because voting for rich assholes is turning out to be a complete failure.
Do not look at laser with remaining good eye.
Until they figure out how to rig the lottery.
The largest, most powerful, most expensive government AND world empire (with military bases in some 150 countries around the world) needs to justify their lucrative business. At some point in the continuous expansion of this business, they will need to leave ethics and logic in the dust, and demand "tougher" everything. Coercive authority trumps common sense, and the power elite know this better than anyone.
To simplify, there's more money to be made in a police state than a free state. That's really all there is to it.
At that point we do it via thunderdome.... two men enter one man leaves, and is a Congresscritter for 2 years.
Do not look at laser with remaining good eye.
Why hack 7-Eleven and get 30 years when you can do the easyer way of just going to one getting a gun out getting the cash and if you do go to lock it's likely to be state and less time.
Here is the text in Russian language from Ukrainian news website:
http://dumskaya.net/news/odessit-prinyal-uchastie-v-krupnejshej-hakerskoj-028307/
The alleged Ukrainian hacker claims legitimate business hosting business and right violation.
A monkey could write code that's not vulnerable to SQL injections. You'd almost have to try to add that vulnerability to your software these days because even my intern knows how they work and how to use stored procedures or even regex filters. So all they really did was point out companies that are completely inept when it comes to security.
Why hack 7-Eleven and get 30 years when you can do the easyer way of just going to one getting a gun out getting the cash and if you do go to lock it's likely to be state and less time.
Can you get $200 million at a 7-Eleven store?
I don't think that the matter is so much the tool that was used, but rather the amount of times it was used and the amount stolen. If you used your gun in a cross-country spree of dozens of 7-Eleven robberies, which ultimately netted $200 million, I'll bet you'd get 30 years to life.
The 30 years these hackers face is for dozens of counts of robbery(labeled wire fraud).
If you're going to steal from millions of Americans, make sure you're a big bank if you want to get away with it.
Not that anyone reads the classics any more...but Plato's "Republic" outlined a system where, the higher up one was in the political hierarchy, the more spartan their lifestyle was. The idea was to discourage people from entering politics unless their heart was truly in it.
Some of the aspects of the system were a bit totalitarian and heavy-handed, but still, it seems like it'd be a lot better than the god-awful mess we have now.
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
...about SQL injections
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
Given that the NSA has imposed a totalitarian surveillance state on us, why can't it stop these things from happening?
Sadly, the point of the NSA surveillance isn't crime prevention, it's political control.
Did the America I knew and loved ever really exist? Or were my history books just effective marketing campaigns?
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
Anyone know who the lawyers / firms are that are defending them in this action?
Or use the Goldman Sachs ploy: Get Congress to except your chosen scheme from anti fraud, gambling and other statues. Then proceed to profit at will.
Have gnu, will travel.
Your fault for Voting Republican/Democrat.
Honestly, Being in Congress should be by lottery and forced servitude. You cant get elected, it's a lottery and compulsory.. Dave Fox of 3124 Main Street, Chester,OH... YOU are the new congressional representative of your district for the next 2 years. An armed caravan will be there momentarily to pick you up.
It is the only way to keep it honest. Because voting for rich assholes is turning out to be a complete failure.
1) That's slavery, and
2) it doesn't prevent these representatives from being secretly bribed like they are now.
We'd be better off with delegated voting. As soon as your congressperson does ONE bad thing, you replace them with any alternative.
Ah, right, right, it's MY fault that all but a statistically insignificant amount of everyone else didn't vote the way YOU demanded they do. Self-centered much?
1 - Wah.
2 - Collusion or bribery is dealt with by the Congressional Judges, they walk up and simply shoot in the head anyone doing such things. No warning, just BLAM and leave the body there for 24 hours so everyone can see what happens when you talk to a lobbyist.
And again we'll wind up with brainless thugs in office.
Dave Fox of 3124 Main Street, Chester,OH... YOU are the new congressional representative of your district for the next 2 years. An armed caravan will be there momentarily to pick you up.
And all of your assests will be liquidated and returned to you after your term, adjusted to reflect econmy performance.
An I.T. motto in the hands of an idiot is a dangerous thing...
Wow. What a terrible dystopia you come up with. It's not easy to come up with a system worse than the current one, so... well done!
They only care about getting rich off of there wasted college educations, something else that makes me laugh is how they are abusing the college systems to make profits, forcing students, and there parents to fork out hoards of money for a degree. Those degrees, which sew together the fabric of the economy, tax money, will never see the type of money/brides that these politicians get rich of off. It is a ponzi scheme, for assholes that think there position or there lack of knowledge has some how made them someone of significance.
The powers at be refuse to put term limits on these shit stains, in both your state congress and house as well as the nations capital, on top of that the voters have proven they do not care, if you gave a shit you would not vote, people think by voting for some moron party like the Tea baggers that it will lead to limiting the abuse of federal powers. It is the same game it always was, politicians talk a bunch of bullshit to the public of how your going to do this and that then behind close doors they are passing laws creating newer and far more powerful federal government. Or they pass some new law or bill, with a eye catching title, but the law/bill has done nothing to stop the problem, it is filled with loopholes and back doors to allow companies and themselves to get away with screwing people over.
I think C-SPAN should be eliminated, because politicians are only using it as a means of pathetic method acting, which the rest of the right/left wing media morons in the press eat up claiming how this is great...