09 January 2009 | 5,478 views

TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

Check For Vulnerabilities with Acunetix

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years.

We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has been slammed with one of the longest ever cybercrime sentences. He wasn’t directly involved in the TJX hack but he does seem to be one of the ‘enablers’ trading the stolen details and aiding in money laundering. He he said to have a made a massive $11 million from this!

Yastremskiy – or ‘Maksik’ as he was sometimes identified – was one of 11 people eventually arrested at the request of the US Department of Justice, with the Ukrainian reportedly being apprehended in undignified fashion outside a Turkish nightclub in 2008.

Yastremskiy’s part in the crime was allegedly to have purchased credit card numbers stolen during the huge crime, providing the gang with an economic hub for its activities. Other members of the gang hailed from Estonia, Belarus, China, and several parts of the US itself, underlining the global nature of modern electronic crime.

Although not the perpetrator of the hack itself, Yastremskiy would have been essential to its success. He is reported to have been suspected of being behind other crimes not related to the TJX Maxx affair.

Apparently on top of the crazy life sentence (life sentence is usually considered as 25 years) he got fined $23,000 as well – but that’s peanuts compared to the 11 mills he’s made. I think it’s a pretty harsh sentence, but the guy was flaunting it…not very wise really. And he was committing some pretty serious offline fraud with the money laundering, he was bound to get screwed with the US on his tail.

He was actually charged in August when we reported it for trafficking in stolen credit card information harvested from a string of retail firms including TJX, OfficeMax, Barnes & Noble, Forever 21, DSW, and Marshall’s, amongst others.

The TJX hack will go down as the first major disclosed commercial hack in history, after US-based hackers were able to ‘wardrive’ their way into a poorly-protected Wi-Fi system used for point-of-sale traffic. Forty-five million customer credit cards were said to have been exposed, leaving parent company. TJX Maxx, owning up to potential liabilities of at least $118 million.

Security vendors queued up to declare their satisfaction at the sentence. “Yastremskiy will certainly have plenty of time to ponder whether his hacking activities were worthwhile,” commented Graham Cluley of Sophos.

“The length of this jail time should also make others engaged in cybercrime think again,” he said. “It may seem like the chances of being caught are small, but there are more and more convictions happening all the time, and the authorities are getting better than ever at co-operating at an international level to catch the bad guys.”

US authorities have filed extradition papers but he still stood trial in Turkey for separate offences, if he ever makes it to the US it’s a good guess that he can cut a sweet deal by being a star witness for the prosecution and getting a reduced sentence in a much more comfortable white-collar US prison.

What do you guys think about the sentence, too harsh?

Source: Network World



Recent in General Hacking:
- Kali Linux – The Most Advanced Penetration Testing Linux Distribution
- Microsoft Says You SHOULD Re-use Passwords Across Sites
- Dradis v2.9 – Information Sharing For Security Assessments

Related Posts:
- Spanish ‘Super’ Hacker Jailed for 2 Years over DoS attack
- Webcam Hacker Jailed for 4 Years for Spying on Teenager
- TJX (T.J. Maxx and Marshall’s) Largest Breach of Customer Data in U.S. History

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,140,882 views
- Hack Tools/Exploits - 585,144 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 416,219 views

Low-cost VPS Hosting

7 Responses to “TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years”

  1. Silver 9 January 2009 at 11:59 am Permalink

    It is possible Yastremskiy might get released on parole, I know nothing of Turkish law. I’m curious as to what happens next on his trip to the the US. Also what about the organizations/individuals whom purchased the information, shouldn’t they be penalized as well?

    This story is far from over.

  2. d347hm4n 9 January 2009 at 1:30 pm Permalink

    I hope he never gets to the states, they are far to draconian in their sentencing, currency is but a value in a database somewhere, rapist get less time in jail…

  3. dblackshell 9 January 2009 at 2:27 pm Permalink

    I totally agree with d347hm4n, and not only about US. In general internet laws are, or do seem, harsh. I think that he should be fined, and put in jail only if he doesn’t reveal the other 10 people behind the massive data theft…

    And as always, I am a little bit skeptic about the numbers: $118 million…

    US-based hackers were able to

  4. Naz 13 January 2009 at 1:17 am Permalink

    I think its quite harsh, when you consider how much time Bernard Madoff has spent in jail so far.

  5. Mike 13 January 2009 at 8:47 pm Permalink

    Set an example and let him rot, imo. Although I’d be happy to see his sentence drastically reduced in exchange for info to ferret out the rest of the crime organization he was working with.

  6. jg 14 January 2009 at 8:45 pm Permalink

    Let him rot, he made the choice, he can’t choose the consequences!! No one told him to get involved in criminal activity. I hope he stays in a jail in Turkey, that is assuming their more harsh.

    I would think this would be all over the news! Oh well, 1 down, million more to go!

  7. Bogwitch 14 January 2009 at 9:20 pm Permalink

    Nah, let him make a deal, promise him an early release and an open prison if he hands over his co-conspiritors. Then give him his 30 years in a Turkish Prison. Give him a reduction in sentence only if he can return what he stole.