His name is Dmitriy Smilianets, a young Russian hacker, claiming that he didn’t realize he was hurting people by stealing their money and personal information. It’s amazing how a thief/criminal can talk themselves into justification for their misdeeds… Here’s the profile – in the early 2000’s, he was 20 years old, and couldn’t find what he thought was a good job. He totaled his friends Mercedes, his friend demanding that he pay for a replacement. An easy way out? Hacking. He joined a group called Carder Planet. They taught him how to steal credit card data through an online magazine. Hacked people outside Russia, it claims it’s okay because in America it’s a victimless crime. Banks, credit card companies, and insurance companies pay back the victim, so there’s no worry. The average person doesn’t get hurt. Hackers infiltrating the U.S. almost never get prosecuted, so it’s worth big money. The magnetic strip on the back of your card holds all the data associated with the card – name, expiration date, 3 digit security code. The compromised ATM, gas pump, and supermarket checkout machine transfers all the data to the hacker. VladimirDrinkman is supposedly the most gifted hacker in the world. Dimitri and Vladimir met and the rest is history. Splitting the workload, Dimitriy handled the hacking, Vladimir (I think of him as Vlad the Impaler) concentrated on stealing the data. Finding themselves overworked, they hired more people. Everyone had a different past. Hacking servers, hacking data, hacking banks, each had a different role. Dimitriy was the CEO, Vlad was chief technology officer. His job was to break into networks, pulling the data out. Another was head of business development, Roman Valeryevich Seleznev (aka Track2 ) was the chief data officer – he was a master at mining networks to steal data. The final member built a bulletproof server, which held the data of millions of credit cards. They hacked 7-Eleven, JetBlue, and Dow Jones, among others. Nobody was paying attention. Dimitriy was the average American guy next door – living in a house in New Jersey with a dog, no less. He and his crew spent millions of dollars. They ended up hacking into Heartland Payment Systems in 2007, they process payments on credit and debit cards. Visa, MasterCard, and American Express use them. They teamed up with a 20-year-old American hacker named Albert Gonzales. Gonzales found a bug in the Heartlands website giving them a way in. Even though the credit card information was encrypted by the company, the information has to de-crypted for a few minutes so Heartland can verify the information on the card. Only a few seconds, and the hackers were in. They found track data, even though Heartland thought they cleaned it up, Gonzales found a way back in. Arrested for something else, the group continued without him. More than a million pieces of data were pulled from Heartland daily. They stopped for a six-month breather, and resumed. In 2008, the head of Heartland was alerted by an employee that there was a big data dump – stolen credit cards – and they wanted to know how that happened. The dump was from Heartland. Thieves love this part because it’s like whack-a-mole… you can’t catch me, I’m over here, no I’m here! The adrenaline rush is the drug in addition to the monetary gain. Heartland lost 130 million credit card numbers. They have to pay $110 million to Visa, MasterCard and American Express. In 2009, the Secret Service filed charges against Gonzales. It was the largest data breach in U.S. history. Another company, Hannaford Brothers, was also breached. Gonzales is serving 20 years. Vlad and Dimitriy are still on the run. Dimitriy claims he only realized it was a crime when he saw the victims on the news. Even so, he couldn’t give it up. – Source”Hack Me If You Can” by Bob McMillan and Rachel Humphreys, Catherine Brewer from the Wall Street Journal Go to the Wall Street Journal’s show notes for episode 2 |