TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years.

We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has been slammed with one of the longest ever cybercrime sentences. He wasn’t directly involved in the TJX hack but he does seem to be one of the ‘enablers’ trading the stolen details and aiding in money laundering. He he said to have a made a massive $11 million from this!

Yastremskiy – or ‘Maksik’ as he was sometimes identified – was one of 11 people eventually arrested at the request of the US Department of Justice, with the Ukrainian reportedly being apprehended in undignified fashion outside a Turkish nightclub in 2008.

Yastremskiy’s part in the crime was allegedly to have purchased credit card numbers stolen during the huge crime, providing the gang with an economic hub for its activities. Other members of the gang hailed from Estonia, Belarus, China, and several parts of the US itself, underlining the global nature of modern electronic crime.

Although not the perpetrator of the hack itself, Yastremskiy would have been essential to its success. He is reported to have been suspected of being behind other crimes not related to the TJX Maxx affair.

Apparently on top of the crazy life sentence (life sentence is usually considered as 25 years) he got fined $23,000 as well – but that’s peanuts compared to the 11 mills he’s made. I think it’s a pretty harsh sentence, but the guy was flaunting it…not very wise really. And he was committing some pretty serious offline fraud with the money laundering, he was bound to get screwed with the US on his tail.

He was actually charged in August when we reported it for trafficking in stolen credit card information harvested from a string of retail firms including TJX, OfficeMax, Barnes & Noble, Forever 21, DSW, and Marshall’s, amongst others.

The TJX hack will go down as the first major disclosed commercial hack in history, after US-based hackers were able to ‘wardrive’ their way into a poorly-protected Wi-Fi system used for point-of-sale traffic. Forty-five million customer credit cards were said to have been exposed, leaving parent company. TJX Maxx, owning up to potential liabilities of at least $118 million.

Security vendors queued up to declare their satisfaction at the sentence. “Yastremskiy will certainly have plenty of time to ponder whether his hacking activities were worthwhile,” commented Graham Cluley of Sophos.

“The length of this jail time should also make others engaged in cybercrime think again,” he said. “It may seem like the chances of being caught are small, but there are more and more convictions happening all the time, and the authorities are getting better than ever at co-operating at an international level to catch the bad guys.”

US authorities have filed extradition papers but he still stood trial in Turkey for separate offences, if he ever makes it to the US it’s a good guess that he can cut a sweet deal by being a star witness for the prosecution and getting a reduced sentence in a much more comfortable white-collar US prison.

What do you guys think about the sentence, too harsh?

Source: Network World

Posted in: Hacking News, Legal Issues

, , ,

Latest Posts:

tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.

7 Responses to TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

  1. Silver January 9, 2009 at 11:59 am #

    It is possible Yastremskiy might get released on parole, I know nothing of Turkish law. I’m curious as to what happens next on his trip to the the US. Also what about the organizations/individuals whom purchased the information, shouldn’t they be penalized as well?

    This story is far from over.

  2. d347hm4n January 9, 2009 at 1:30 pm #

    I hope he never gets to the states, they are far to draconian in their sentencing, currency is but a value in a database somewhere, rapist get less time in jail…

  3. dblackshell January 9, 2009 at 2:27 pm #

    I totally agree with d347hm4n, and not only about US. In general internet laws are, or do seem, harsh. I think that he should be fined, and put in jail only if he doesn’t reveal the other 10 people behind the massive data theft…

    And as always, I am a little bit skeptic about the numbers: $118 million…

    US-based hackers were able to

  4. Naz January 13, 2009 at 1:17 am #

    I think its quite harsh, when you consider how much time Bernard Madoff has spent in jail so far.

  5. Mike January 13, 2009 at 8:47 pm #

    Set an example and let him rot, imo. Although I’d be happy to see his sentence drastically reduced in exchange for info to ferret out the rest of the crime organization he was working with.

  6. jg January 14, 2009 at 8:45 pm #

    Let him rot, he made the choice, he can’t choose the consequences!! No one told him to get involved in criminal activity. I hope he stays in a jail in Turkey, that is assuming their more harsh.

    I would think this would be all over the news! Oh well, 1 down, million more to go!

  7. Bogwitch January 14, 2009 at 9:20 pm #

    Nah, let him make a deal, promise him an early release and an open prison if he hands over his co-conspiritors. Then give him his 30 years in a Turkish Prison. Give him a reduction in sentence only if he can return what he stole.