Three Ukrainians arrested in U.S. hacking plot
SEATTLE — Three Ukrainian members of a sophisticated international hacking group that targeted restaurants, casinos and other businesses in 47 U.S. states to steal credit and debit card records have been arrested and face charges in federal court in Seattle, officials said on Wednesday.
The hacking group, known as FIN7 or Carbanak, stole about 15 million credit and debit cards records and also targeted establishments in the District of Columbia and around the world, U.S. Attorney Annette Hayes told reporters. Companies that had information stolen included Chipotle, Arby’s, Red Robin and Jason’s Deli.
Losses totalled in the tens of millions of dollars, Hayes said.
“We are under no illusions that we have taken this group down altogether, but we have made a significant impact,” Hayes said.
The operation is one of the largest cybercrime cases the FBI has handled, said Special Agent Jay Tabb.
Suspects Dmytro Fedorov, Fedir Hladyr and Andrii Kolpakov face 26 felony charges that range from wire fraud, computer hacking and identity theft.
“The charges are very serious and my client may be facing the decades in jail if convicted,” said Arkady Bukh, a lawyer representing Hladyr.
Bukh said the case is complex and that “there is no clear decision at this time whether [we] will go to trial or will consider a plea.”
Officials say Hladyr, who was arrested in Germany in January and is in custody in Seattle, was FIN7’s systems administrator and maintained the group’s servers. His trial is set for Oct. 22.
Fedorov and Kolpakov supervised hackers who breached the computer systems, officials said. Fedorov is being held in Poland and Kolpakov is in Spain awaiting extradition to the U.S.
“Our intention is to bring them back here to Seattle so they can face these charges and we can hold them to account,” Hayes said. “These hackers think they can hide behind keyboards in faraway places and escape the long arm of the United States law.”
The group used sophisticated techniques to worm their way into computer networks, sending carefully crafted emails to employees at the businesses that appeared to be legitimate, Tabb said.
“These emails were sent … and appeared to be harmless,” Tabb said. “They often accompanied the emails with phone calls to employees to get them to open the attachments sent in emails. Of course, if they opened the attachment, that would deploy the malware onto the company’s computer systems.”
Fin7 used an adapted version of the notorious Carbanak malware with an arsenal of other tools to steal payment card information from the businesses, Tabb said.
The stolen credit and debit card numbers were often were sold in underground online marketplaces and criminals then made charges on the cards, Tabb said.