TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

The New Acunetix V12 Engine

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years.

We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has been slammed with one of the longest ever cybercrime sentences. He wasn’t directly involved in the TJX hack but he does seem to be one of the ‘enablers’ trading the stolen details and aiding in money laundering. He he said to have a made a massive $11 million from this!

Yastremskiy – or ‘Maksik’ as he was sometimes identified – was one of 11 people eventually arrested at the request of the US Department of Justice, with the Ukrainian reportedly being apprehended in undignified fashion outside a Turkish nightclub in 2008.

Yastremskiy’s part in the crime was allegedly to have purchased credit card numbers stolen during the huge crime, providing the gang with an economic hub for its activities. Other members of the gang hailed from Estonia, Belarus, China, and several parts of the US itself, underlining the global nature of modern electronic crime.

Although not the perpetrator of the hack itself, Yastremskiy would have been essential to its success. He is reported to have been suspected of being behind other crimes not related to the TJX Maxx affair.

Apparently on top of the crazy life sentence (life sentence is usually considered as 25 years) he got fined $23,000 as well – but that’s peanuts compared to the 11 mills he’s made. I think it’s a pretty harsh sentence, but the guy was flaunting it…not very wise really. And he was committing some pretty serious offline fraud with the money laundering, he was bound to get screwed with the US on his tail.

He was actually charged in August when we reported it for trafficking in stolen credit card information harvested from a string of retail firms including TJX, OfficeMax, Barnes & Noble, Forever 21, DSW, and Marshall’s, amongst others.

The TJX hack will go down as the first major disclosed commercial hack in history, after US-based hackers were able to ‘wardrive’ their way into a poorly-protected Wi-Fi system used for point-of-sale traffic. Forty-five million customer credit cards were said to have been exposed, leaving parent company. TJX Maxx, owning up to potential liabilities of at least $118 million.

Security vendors queued up to declare their satisfaction at the sentence. “Yastremskiy will certainly have plenty of time to ponder whether his hacking activities were worthwhile,” commented Graham Cluley of Sophos.

“The length of this jail time should also make others engaged in cybercrime think again,” he said. “It may seem like the chances of being caught are small, but there are more and more convictions happening all the time, and the authorities are getting better than ever at co-operating at an international level to catch the bad guys.”

US authorities have filed extradition papers but he still stood trial in Turkey for separate offences, if he ever makes it to the US it’s a good guess that he can cut a sweet deal by being a star witness for the prosecution and getting a reduced sentence in a much more comfortable white-collar US prison.

What do you guys think about the sentence, too harsh?

Source: Network World

Posted in: Hacking News, Legal Issues

, , ,

Latest Posts:

HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.

7 Responses to TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

  1. Silver January 9, 2009 at 11:59 am #

    It is possible Yastremskiy might get released on parole, I know nothing of Turkish law. I’m curious as to what happens next on his trip to the the US. Also what about the organizations/individuals whom purchased the information, shouldn’t they be penalized as well?

    This story is far from over.

  2. d347hm4n January 9, 2009 at 1:30 pm #

    I hope he never gets to the states, they are far to draconian in their sentencing, currency is but a value in a database somewhere, rapist get less time in jail…

  3. dblackshell January 9, 2009 at 2:27 pm #

    I totally agree with d347hm4n, and not only about US. In general internet laws are, or do seem, harsh. I think that he should be fined, and put in jail only if he doesn’t reveal the other 10 people behind the massive data theft…

    And as always, I am a little bit skeptic about the numbers: $118 million…

    US-based hackers were able to

  4. Naz January 13, 2009 at 1:17 am #

    I think its quite harsh, when you consider how much time Bernard Madoff has spent in jail so far.

  5. Mike January 13, 2009 at 8:47 pm #

    Set an example and let him rot, imo. Although I’d be happy to see his sentence drastically reduced in exchange for info to ferret out the rest of the crime organization he was working with.

  6. jg January 14, 2009 at 8:45 pm #

    Let him rot, he made the choice, he can’t choose the consequences!! No one told him to get involved in criminal activity. I hope he stays in a jail in Turkey, that is assuming their more harsh.

    I would think this would be all over the news! Oh well, 1 down, million more to go!

  7. Bogwitch January 14, 2009 at 9:20 pm #

    Nah, let him make a deal, promise him an early release and an open prison if he hands over his co-conspiritors. Then give him his 30 years in a Turkish Prison. Give him a reduction in sentence only if he can return what he stole.