x Abu Dhabi, UAEWednesday 17 January 2018

Russian denies cyber attack on Abu Dhabi bank, Carrefour

A Russian man has pleaded not guilty to involvement in a string of cyber attacks targeting companies including Carrefour, Nasdaq, Visa Jordan and an unnamed Abu Dhabi bank.

Hackers harvested log-in credentials, personal data and credit and debit numbers from 17 multinational corporations including Carrefour over a seven-year period. Sarah Dea / The National
Hackers harvested log-in credentials, personal data and credit and debit numbers from 17 multinational corporations including Carrefour over a seven-year period. Sarah Dea / The National

A Russian man has pleaded not guilty to involvement in a string of cyber attacks targeting companies including Carrefour, Nasdaq, Visa Jordan and an unnamed Abu Dhabi bank.

US prosecutors have accused Dmitriy Smilianets of participating in the largest known data breach after breaking into more than a dozen companies alongside a gang of computer hackers.

Prosecutors charged five hackers based in Russia and Ukraine with conspiracy to commit wire fraud and unauthorised computer access over a seven-year period.

During the period the hackers harvested login credentials, personal data and credit and debit numbers from 17 multinational corporations and sold them as data dumps to the highest bidder.

The companies also included 7-Eleven, Dow Jones, Dexia Bank Belgium and JetBlue Airways.

"As a result of this conduct, financial institutions, credit card companies, and consumers suffered hundreds of millions in losses, including losses in excess of US$300 million," a court filing said.

Prosecutors estimated "conservatively" that the group stole 160 million card numbers, which could then be encoded on to a magnetic strip and used at an ATM.

Mr Smilianets was responsible for selling the information obtained through the hacks, they said.

Mr Smilianets was arraigned in New Jersey yesterday after being arrested in September. Bloomberg News reported last week that he was extradited from the Netherlands.

Visa's Jordan-based payment card processor was targeted in early 2011 as part of an attack that resulted in the theft of 800,000 card numbers.

The Abu Dhabi bank is named in the indictment only as "Bank A" and was broken into between 2010 and 2011 after the hackers identified a similar vulnerability used in the systems of two other payment firms' networks.

The court filings included instant messages between the hackers boasting about how they placed Google Alerts on phrases like "data breach" to see when their cyber attacks appeared on news reports, so they could see how close they were to being caught by law enforcement agencies.

One of the co-conspirators named in the indictment, Alberto Gonalez, was sentenced to 20 years in prison in 2010 for similar cyberattacks.

Cyber attacks on the UAE and its financial sector in particular are becoming much more frequent and costly.

In May, eight members of a New York-based cell were charged with money-laundering and conspiracy to commit access device fraud by US authorities after they uncovered a $45m cyberfraud that affected RAKBank and Oman's BankMuscat.

 

ghunter@thenational.ae