Latest in Gear

Image credit:

Three men arrested for stealing over 15 million payment cards

They’re allegedly part of the notorious Carbanak cybercrime group.
Share
Tweet
Share

Sponsored Links

Getty Images

US officials announced today that three alleged leaders of the cybercrime group known alternatively as Fin7, Carbanak and the Navigator Group have been arrested in Germany, Poland and Spain and charged with 26 felony counts. The charges include conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. The Department of Justice alleges that Fin7 members have targeted more than 100 US companies, hacked thousands of computer systems and stolen 15 million credit and debit card numbers. The group is said to have breached networks in 47 states and Washington, DC and hacked 6,500 point-of-sale terminals at over 3,600 business locations.

"The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet," Assistant Attorney General Benczkowski said in a statement. "Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict and prosecute those responsible for these threats."

Fin7 is also believed to have breached systems in the UK, Australia and France. The Department of Justice indictments released today allege that Fin7 is responsible for hacking systems belonging to businesses like Chipotle, Chili's, Arby's, Red Robin and Jason's Deli. The group has also previously been connected to breaches affecting Lord & Taylor, Saks Fifth Avenue and Oracle.

Fedir Hladyr, who allegedly maintained servers and communication channels for Fin7, was arrested in Dresden, Germany in January and is currently awaiting trial in Seattle. Dmytro Fedorov, arrested in Bielsko-Biala, Poland in January, is said to have supervised other hackers in the group. His extradition to the US is pending. The third member, Andrii Kolpakov, was arrested in Lepe, Spain in June and is also alleged to be a supervisor. The US is working on its extradition request for Kolpakov.

Fin7 is said to have used phishing campaigns to gain access to a business' systems, pairing fraudulent emails with phone calls in order to appear legitimate. The group then used a version of the Carbanak malware -- which has also been used to attack banks and gain control over ATMs -- to steal payment card data, which was later sold online.

"Protecting consumers and companies who use the internet to conduct business -- both large chains and small 'mom and pop' stores -- is a top priority for all of us in the Department of Justice," said US Attorney Annette Hayes. "Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong. We will continue our longstanding work with partners around the world to ensure cyber criminals are identified and held to account for the harm that they do -- both to our pocketbooks and our ability to rely on the cyber networks we use."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Windows XP source code leak sheds light on Microsoft's OS history

Windows XP source code leak sheds light on Microsoft's OS history

View
SpaceX scales back plans for Starship's first high-altitude flight

SpaceX scales back plans for Starship's first high-altitude flight

View
NASA delays its Titan drone mission by another year

NASA delays its Titan drone mission by another year

View
Honda's electric SUV concept is a peek at a production vehicle

Honda's electric SUV concept is a peek at a production vehicle

View
Fitbit's OS for the Sense and Versa 3 won't come to earlier smartwatches

Fitbit's OS for the Sense and Versa 3 won't come to earlier smartwatches

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr