Ukrainian credit card hackers to face Seattle court

You got an awesome burrito from Chipotle. They got your credit card info.
Flickr Photo (CC BY 2.0) howtostartablogonline.net

You know not to open suspicious attachments in your email. But these hackers developed a way to work around your skepticism. 

They’d call up a restaurant, or a hotel, and say: "I want to make an order, or make a complaint. I’ll send it over as an email attachment."

U.S. Attorney Annette Hayes says the hackers preyed on our urge to help.

“When we see an email we think we recognize, it’s our job to be responsive to customers, right? Maybe we perceive it as something the boss would want us to handle right away," Hayes said. "So we’ll go and do things that then cause us to get infected.”

From Chipotle to Red Robin, eager-to-please employees at over 100 U.S. companies opened Word documents and rich text documents and saw nothing out of the ordinary. Meanwhile, Carbanak malware silently installed itself on the businesses' networks.

This Trojan horse allowed computer servers in Eastern Europe to install more powerful malware, which harvested the businesses' customer data, including information associated with 15 million credit and debit cards.

That information then got sold on the dark web. Keep your eye out for unusual purchases on your credit card statement.

These sample emails probably look familiar to anyone with an email account. What brought the FIN7 group to the next level, according to officials, was that they closely modeled these emails after correspondence unique to each business, and then called businesses to make sure the email was received. That was often enough to overcome any skepticism.
Credit: Federal Bureau of Investigation

At a press conference on Wednesday, Hayes announced the arrest of three Ukrainians who allegedly ran this hacking ring, known by many names including "FIN7." It operated from beneath the cover of a sham cyber security company, according to officials.

It's an ongoing investigation, and many more people are being investigated. But these arrests are intended to scare hackers, Hayes said. "We're going to find these people, and we're going to hold them to account," she said.

Fedir Hladyr, charged with running the servers, was arrested in Germany, and now awaits an October trial in Seattle. Dmytro Federov was picked up in Poland. Andrii Kolpakov was picked up in Lepe, Spain. Officials described those last two as hackers who also managed other hackers.

We reached out to the attorney for Fedir Hladyr, the only one of the three Ukrainians on U.S. soil currently. His attorney did not respond to our request for comment before publication.

In February, U.S. Attorney General Jeff Sessions directed the Justice Department to increase its investigation of cyber crimes. Though this investigation had begun long before that directive, officials described it as an example of high-priority work. Half the cyber resources at the Seattle FBI field office are working on this case, as well as hundreds of FBI staff nationwide.