Dmitriy Smilianets, one of five men accused of committing the largest hacking scheme ever prosecuted in the US, which was responsible for the theft of about $300 million, has pleaded not guilty.
Charges against Smilianets include conspiracy to commit wire fraud, wire fraud, and unauthorised access to computers. He faces 65 years in prison, should he be convicted.
According to Reuters, his attorney said he would fight the charges, and was investigating irregularities surrounding the circumstances of his arrest in, and extradition from, the Netherlands in 2012.
He, and four other hackers from Russia and the Ukraine, are accused of stealing more than 160 million credit card numbers in a series of attacks, that cost companies, including Nasdaq, JetBlue and JC Penney, about $300 million.
It is alleged Smilianets sold the stolen credit card data for amounts ranging from $10 for a US card number, to $50 for a European one. The attacks were carried out between 2005 and 2012.
Hacking chip-and-pin
EMV, the a global standard for authenticating credit and debit card transactions, has been deployed for 10 years and over a billion cards are in issue. Yet, it is only now starting to come under proper scrutiny.
Although touted as being totally secure, one vulnerability after another has been uncovered and exploited by cyber crooks.
Many ATMs and point-of-sale terminals have chronically defective random number generators. These are often just counters, and in fact, the EMV specification encourages this by requiring only that four successive values of a terminal's "unpredictable number" have to be different for it to pass conformance testing.
The result is that any criminal with transient access to a payment card can harvest authentication codes which enable a clone of the card for later use in ATMs and suchlike.
Share
