US, European police arrest three Ukrainians for hacking over 100 US firms

European and U.S. authorities have arrested three “high-ranking” Ukrainian hackers from an infamous cybercrime gang that is suspected of hacking over 100 U.S. firms in 47 states.

Each suspect has been charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft, according to a U.S. Department of Justice statement published on August 1.

The hackers were members of an international cybercrime group called Fin7, which was operating worldwide out of Eastern Europe. More than 100 firms were targeted by the gang in the United States, but Fin7’s criminal activities also occurred in the United Kingdom, Australia, and France.

The Ukrainians – Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30 – were arrested in Poland, Germany, and Spain earlier this year; the U.S. Department of Justice did not say exactly when the men were detained. Two of the hackers are still to be extradited to the United States, where all three are facing charges.

“Cyber-criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong,” U.S. Attorney Annette Hayes for the Western District of Washington said in the U.S. Department of Justice statement.

Fin7 – also referred to as the Carbanak Group and the Navigator Group, among other names – mainly targeted companies in the restaurant, gaming, and hospitality industries.

As outlined in the hackers’ indictments, Fin7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers, which the group used or sold for profit.

“The three Ukrainian nationals indicted today… (have stolen) valuable consumer data, including personal credit card information, that they then sold on the Darknet,” stated Assistant U.S. Attorney General Benczkowski, referring to a part of the internet that requires special software to access and is commonly used by criminal groups.

In the United States alone, Fin7 successfully stole more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.

Fin7 crafted emails that would appear legitimate to an employee of a targeted firm, and followed up the emails with telephone calls intended to legitimize them further. Once an attached file was opened and activated, Fin7 would use an adapted version of the Carbanak malware in addition to other tools to access and steal the payment card data of the company’s customers.

Fin7 also used a front company, Combi Security, allegedly headquartered in Russia and Israel, to provide a guise of legitimacy and to recruit hackers.

Here’s more detailed information about the way the group hacked its victims.

Companies that have publicly disclosed hacks attributable to Fin7 include familiar chains such as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.

Fin7 is reckoned to be one of the most profitable cyber-gangs in the world. According to industry experts, it earned $50 million a month.

In March, Spanish police, cooperating with the FBI and Europol, arrested another group of hackers from Ukraine and Russia. The hackers were also associated with Fin7 and were said to be some of its leading members. They face charges of stealing up to $1.2 billion.

The Kyiv Post’s technology coverage is sponsored by Ciklum and NIX Solutions. The content is independent of the donors.