Members of International Cybercrime Group Arrested for Alleged Role in Attacking U.S. Companies
On August 1, 2018, the U.S. Department of Justice announced that three members of an international cybercrime group have been arrested and are facing charges filed in U.S. District Court. According to the federal indictments, the Ukrainian nationals are members of a hacking group known as FIN7 that have stolen millions of credit card numbers from point-of-sale terminals via a sophisticated malware campaign.
According to the Department of Justice, FIN7 successfully breached the computer networks of United States companies in 47 states and the District of Columbia. FTC defense lawyer Richard B. Newman reports that additional intrusions are alleged to have occurred abroad, including in the United Kingdom, and victims include Chipotle, Chili’s and Arby’s.
“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said an Assistant Attorney General. “Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict, and prosecute those responsible for these threats.”
“Protecting consumers and companies who use the internet to conduct business – both large chains and small ‘mom and pop’ stores — is a top priority for all of us in the Department of Justice,” said a U.S. Attorney. “Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong. We will continue our longstanding work with partners around the world to ensure cyber criminals are identified and held to account for the harm that they do – both to our pocketbooks and our ability to rely on the cyber networks we use.”
“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” said a Special Agent. “As the lead federal agency for cyber-attack investigations, the FBI will continue to work with its law enforcement partners worldwide to pursue the members of this devious group, and hold them accountable for stealing from American businesses and individuals.”
The conspirators are charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft. According to the indictments, FIN7 launched waves of cyberattacks via email messages and telephone calls intended to further legitimize the email. Once an attached file was opened and activated, FIN7 would allegedly use malware and other tools to access and steal payment card data. Since 2015, FIN7 allegedly sold the data in online underground marketplaces.
FIN7 allegedly used a front company with headquarters is Russia and Israel to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise. The company’s website indicated that it provided a number of security services such as penetration testing and listed actual victims as its clients.
The investigation was conducted by the Seattle Cyber Task Force of the FBI and the U.S. Attorney’s Office for the Western District of Washington, with the assistance of the Justice Department’s Computer Crime and Intellectual Property Section and Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, FBI offices across the nation and globe, as well as numerous international agencies.
Overseas arrests were executed in Poland by the “Shadow Hunters” from the Polish Central Bureau of Investigation, in Germany by the German State Criminal Police Office and the Dresden Police, and in Spain by the Spanish National Police.
Richard B. Newman is an FTC advertising compliance and litigation defense attorney at Hinch Newman LLP. He advises Internet marketers and advertisers about legal requirements related to national direct marketing campaigns. Follow him on Facebook FTC defense lawyer.
Informational purposes only. Not legal advice. Always seek the advice of an attorney. Previous case results do not guarantee similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.