© 2024 Texas Public Radio
Real. Reliable. Texas Public Radio.
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Russian Hackers Stole More Than 160 Million Credit Cards


Today, U.S. attorneys in New York and New Jersey unveiled indictments against a Russian and Ukrainian hacking conspiracy - more than 100 million credit and debit card numbers stolen. Authorities say it's the largest case of electronic data theft ever of comfort by U.S. law enforcement.

Joining us now with details is NPR's Steve Henn. And, Steve, just how big was this attack?

STEVE HENN, BYLINE: Actually, it was a series of attacks beginning all the way back in 2005, and collectively they were an enormous. According to investigators, this group of hackers broke into the computer networks of more than a dozen large corporations. And actually, they stole more than 160 million credit card numbers. Basically, they set up a global business selling card numbers to a group of, quote, "trusted identity theft wholesalers." And all told, these hacks eventually led to more than $300 million in losses, according to the Justice Department.

Paul Fishman, the United States district attorney, called it staggering.

SIEGEL: So, which companies and institutions were targeted by the hackers?

HENN: Well, more than a dozen, including Citibank, PNC financial were both hacked. Heartland Payment Systems and other large credit card processing companies were hacked. Also retailers like J.C. Penney, 7-Eleven - even NASDAQ, although the indictment went to pains to say that the trading platform wasn't compromised.

SIEGEL: I mean, you're talking about institutions that we assume have some kind of security. How did these attacks work?

HENN: Well, it was complicated but what was impressive was the hackers used a variety of different techniques. Sometimes they planted malware. Sometimes they attacked the corporate databases directly. And several times they actually attacked financial institutions' websites, creating programs that would guess at account passwords again and again and again, automatically, until they got a hit. In a single day in 2008, they were able to compromise more than 300,000 Citibank accounts using that technique.

SIEGEL: This went on for several years, I gather. Is it eight years or so?

HENN: Right.

SIEGEL: How do they get away with it for so long?

HENN: Well, according to investigators, these five hackers who were highly specialized and very good at what they did. Two just concentrated on breaking into corporate networks. One analyzed the data they stole. Another handled sales. Mikhail Rytikov from the Ukraine specialized in covering their tracks. He provided encryption in anonymous Web hosting services. And investigators say they were lucky to catch them. Still, though, three of them are at large.

SIEGEL: OK. Thank you, Steve.

HENN: My pleasure.

SIEGEL: That's NPR's Steve Henn. Transcript provided by NPR, Copyright NPR.

Prior to his retirement, Robert Siegel was the senior host of NPR's award-winning evening newsmagazine All Things Considered. With 40 years of experience working in radio news, Siegel hosted the country's most-listened-to, afternoon-drive-time news radio program and reported on stories and happenings all over the globe, and reported from a variety of locations across Europe, the Middle East, North Africa, and Asia. He signed off in his final broadcast of All Things Considered on January 5, 2018.
Steve Henn is NPR's technology correspondent based in Menlo Park, California, who is currently on assignment with Planet Money. An award winning journalist, he now covers the intersection of technology and modern life - exploring how digital innovations are changing the way we interact with people we love, the institutions we depend on and the world around us. In 2012 he came frighteningly close to crashing one of the first Tesla sedans ever made. He has taken a ride in a self-driving car, and flown a drone around Stanford's campus with a legal expert on privacy and robotics.