Russian wanted in S$407 million hack scheme extradited to US

A Russian wanted in the hacking of the Nasdaq stock market and of payment systems resulting in $300 million(S$407 million) in losses has been extradited to face US criminal charges, officials said Tuesday.

Vladimir Drinkman, 34, appeared in court to face criminal charges in Newark, New Jersey after being extradited from the Netherlands, the Justice Department said in a statement.

Drinkman, who was arrested by Dutch authorities in June 2012, was charged in what officials called "the largest international hacking and data breach scheme ever prosecuted in the United States."

Drinkman and his co-defendants are charged with attacks on the Nasdaq, retailers 7-Eleven, Carrefour, JC Penney and other companies, with losses estimated at more than $300 million between 2005 and 2012.

Drinkman and fellow Russian Alexandr Kalinin were previously charged as "Hacker 1" and "Hacker 2" in a 2009 indictment charging Albert Gonzalez in connection with five corporate data breaches, including the breach of Heartland Payment Systems, which at the time was the largest ever reported.

Gonzalez is currently serving 20 years in federal prison for those offences.

Drinkman and another defendant, Dmitriy Smilianets, were arrested at the request of the United States while traveling in the Netherlands on June 28, 2012. Smilianets was extradited months later and is in US custody.

Kalinin and two others remain at large, officials said.

Drinkman faces charges of conspiracy, wire fraud and unauthorized computer access, each carrying potential prison terms.

US officials have had little help from Russia and other Eastern European countries in extraditing wanted hackers, but has had some success in nabbing suspects during trips to other locations.

Officials said the gang stole some 160 million credit card numbers and then sold them through shady online markets.

The biggest hack at the time was at Heartland, a major payment processor which became victimized by malware that allowed thieves to steal 130 million card numbers, resulting in some $200 million in losses.

The hackers also penetrated the Dow Jones news and information service, compromising some 10,000 log-in credentials, according to the indictment.

French-based retailer Carrefour and Belgian bank Dexia were also among the victims, along with US airline JetBlue and other retailers and financial firms.

Drinkman was ordered held without bail and a trial on 11 charges was set for April 27.

"Cyber criminals conceal themselves in one country and steal information located in another country, impacting victims around the world," Assistant Attorney General Leslie Caldwell said.

"Hackers often take advantage of international borders and differences in legal systems, hoping to evade extradition to face justice. This case and today's extradition demonstrates ... we are able to bring cyber thieves to justice in the United States, wherever they may commit their crimes."