Manhattan U.S. Attorney and FBI Assistant Director in Charge Announce Charges Against Russian National for Hacking NASDAQ Servers
Charges Also Brought in Connection with Computer Hacks of U.S. Financial Institutions That Resulted in the Theft of Millions of Dollars from More Than 800,000 Victim Bank Accounts
U.S. Attorney’s Office, July 25, 2013
Preet Bharara, the United States Attorney for the Southern District of New York, and George Venizelos, the Assistant Director in Charge of the New York Office of the Federal Bureau of Investigation (FBI), announced today the unsealing of an indictment against a Russian hacker, ALEKSANDR KALININ, aka “Grig,” aka “g,” aka “tempo,” for hacking certain computer servers used by the NASDAQ Stock Market (NASDAQ). In a separate indictment also unsealed today, KALININ and another Russian hacker, NIKOLAY NASENKOV, were charged with an international scheme to steal bank account information by hacking U.S.-based financial institutions and then using the stolen account information to withdraw millions of dollars from the victims’ bank accounts. KALININ has also been charged in a separate indictment unsealed in federal court in Newark, New Jersey. KALININ and NASENKOV remain at large.
Manhattan U.S. Attorney Preet Bharara said: “As today’s allegations make clear, cyber criminals are determined to prey not only on individual bank accounts, but on the financial system itself. But would-be cyber thieves should take note: Because of the close and growing collaboration between the U.S. government and the private sector on issues of cyber security, our ability to unmask and prosecute the anonymous perpetrators of cyber crimes—wherever they may be located—has never been stronger.”
FBI Assistant Director in Charge George Venizelos said: “As alleged, Kalinin infiltrated NASDAQ’s servers, allowing for the manipulation and theft of sensitive data. In a series of separate schemes, Kalinin and Nasenkov stole hundreds of thousands of bank account numbers, PINs, and other code to withdraw millions of dollars from victim accounts. Today, their password has expired.”
According to the allegations in the Indictments unsealed today in Manhattan federal court:
The NASDAQ Hack
From November 2008 through October 2010, KALININ hacked various computer servers used by the NASDAQ to conduct its business operations. During the course of the hack, KALININ installed on certain NASDAQ servers malicious software, or malware, which enabled him and others to surreptitiously access the infected NASDAQ servers and execute commands on those servers, including commands to delete, change or steal data. The infected servers did not include the trading platform that allows NASDAQ customers to buy and sell securities.
The Citibank and PNC Bank Hacks
From December 2005 through November 2008, KALININ and NASENKOV allegedly stole bank account information from financial institutions through computer hacking. KALININ, NASENKOV, and their co-conspirators then used that account data to access the bank accounts of thousands of individual victims without authorization and without those victims’ knowledge, resulting in the theft of millions of dollars from those accounts.
The defendants fraudulently obtained bank account numbers, customer identification numbers (a unique number embossed or printed on the front of an ATM card), card verification values (a security feature which helps authenticate an ATM card), and personal identification numbers (PINs) for victims’ accounts at financial institutions, including Citibank and PNC Bank, through computer hacking and other techniques. As part of the scheme, the defendants and their co-conspirators then encoded the stolen account data onto the magnetic strips of blank plastic ATM cards so that those ATM cards could be used to access individual victims’ bank accounts through ATMs. The ATM cards were then used, along with the stolen account PINs, to access individual victims’ accounts through ATMs located around the world, including in the United States, Estonia, Canada, Great Britain, Russia, and Turkey, and to withdraw from those accounts millions of dollars.
In January 2006, the PINs for hundreds of customer accounts were compromised as a result of a cyber attack launched against PNC Bank’s online banking website. NASENKOV allegedly supplied stolen account information, including PINs, from the compromised bank accounts to co-conspirators who, in turn, used the stolen account information to encode blank ATM cards and withdraw approximately $1.3 million from victims’ accounts.
In 2007, KALININ allegedly placed malware on a computer network that processed ATM transactions for Citibank and other financial institutions. The malware recorded data passing over the network and exported it to an outside computer. Using this malicious computer code, KALININ stole bank account information for approximately 500,000 bank accounts, including approximately 100,000 Citibank accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately $2.9 million from Citibank customers’ accounts.
In 2008, NASENKOV allegedly used a computer program to mount an attack against Citibank’s online banking website that resulted in the theft of account information for more than 300,000 accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately $3.6 million from the compromised accounts.
KALININ, 26, of St. Petersburg, Russia, is charged with one count of computer hacking in connection with the NASDAQ hack, which carries a maximum sentence of 10 years in prison. In connection with the scheme to steal bank account information, KALININ is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; four counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of five years in prison.
NASENKOV, 31, of St. Petersburg, Russia, is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; four counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of computer intrusion to obtain information, which carries a maximum sentence of five years in prison; one count of computer intrusion to further fraud, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of five years in prison.
Mr. Bharara praised the outstanding investigative work of the FBI. In addition, Mr. Bharara thanked NASDAQ, Citibank, and PNC Bank for their cooperation and assistance in the investigations. Mr. Bharara also thanked the Department of Justice’s Computer Crime and Intellectual Property Section for their support.
The prosecution of this case is being handled by the Office’s Complex Frauds Unit. Assistant United States Attorneys Thomas G.A. Brown, Sarah Lai, Joseph Facciponti, and James J. Pastore, Jr., are in charge of the prosecution.
The charges contained in the indictments are merely accusations, and the defendants are presumed innocent unless and until proven guilty.