TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years.

We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has been slammed with one of the longest ever cybercrime sentences. He wasn’t directly involved in the TJX hack but he does seem to be one of the ‘enablers’ trading the stolen details and aiding in money laundering. He he said to have a made a massive $11 million from this!

Yastremskiy – or ‘Maksik’ as he was sometimes identified – was one of 11 people eventually arrested at the request of the US Department of Justice, with the Ukrainian reportedly being apprehended in undignified fashion outside a Turkish nightclub in 2008.

Yastremskiy’s part in the crime was allegedly to have purchased credit card numbers stolen during the huge crime, providing the gang with an economic hub for its activities. Other members of the gang hailed from Estonia, Belarus, China, and several parts of the US itself, underlining the global nature of modern electronic crime.

Although not the perpetrator of the hack itself, Yastremskiy would have been essential to its success. He is reported to have been suspected of being behind other crimes not related to the TJX Maxx affair.

Apparently on top of the crazy life sentence (life sentence is usually considered as 25 years) he got fined $23,000 as well – but that’s peanuts compared to the 11 mills he’s made. I think it’s a pretty harsh sentence, but the guy was flaunting it…not very wise really. And he was committing some pretty serious offline fraud with the money laundering, he was bound to get screwed with the US on his tail.

He was actually charged in August when we reported it for trafficking in stolen credit card information harvested from a string of retail firms including TJX, OfficeMax, Barnes & Noble, Forever 21, DSW, and Marshall’s, amongst others.

The TJX hack will go down as the first major disclosed commercial hack in history, after US-based hackers were able to ‘wardrive’ their way into a poorly-protected Wi-Fi system used for point-of-sale traffic. Forty-five million customer credit cards were said to have been exposed, leaving parent company. TJX Maxx, owning up to potential liabilities of at least $118 million.

Security vendors queued up to declare their satisfaction at the sentence. “Yastremskiy will certainly have plenty of time to ponder whether his hacking activities were worthwhile,” commented Graham Cluley of Sophos.

“The length of this jail time should also make others engaged in cybercrime think again,” he said. “It may seem like the chances of being caught are small, but there are more and more convictions happening all the time, and the authorities are getting better than ever at co-operating at an international level to catch the bad guys.”

US authorities have filed extradition papers but he still stood trial in Turkey for separate offences, if he ever makes it to the US it’s a good guess that he can cut a sweet deal by being a star witness for the prosecution and getting a reduced sentence in a much more comfortable white-collar US prison.

What do you guys think about the sentence, too harsh?

Source: Network World

Posted in: Hacking News, Legal Issues

, , ,

Latest Posts:

APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.

7 Responses to TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

  1. Silver January 9, 2009 at 11:59 am #

    It is possible Yastremskiy might get released on parole, I know nothing of Turkish law. I’m curious as to what happens next on his trip to the the US. Also what about the organizations/individuals whom purchased the information, shouldn’t they be penalized as well?

    This story is far from over.

  2. d347hm4n January 9, 2009 at 1:30 pm #

    I hope he never gets to the states, they are far to draconian in their sentencing, currency is but a value in a database somewhere, rapist get less time in jail…

  3. dblackshell January 9, 2009 at 2:27 pm #

    I totally agree with d347hm4n, and not only about US. In general internet laws are, or do seem, harsh. I think that he should be fined, and put in jail only if he doesn’t reveal the other 10 people behind the massive data theft…

    And as always, I am a little bit skeptic about the numbers: $118 million…

    US-based hackers were able to

  4. Naz January 13, 2009 at 1:17 am #

    I think its quite harsh, when you consider how much time Bernard Madoff has spent in jail so far.

  5. Mike January 13, 2009 at 8:47 pm #

    Set an example and let him rot, imo. Although I’d be happy to see his sentence drastically reduced in exchange for info to ferret out the rest of the crime organization he was working with.

  6. jg January 14, 2009 at 8:45 pm #

    Let him rot, he made the choice, he can’t choose the consequences!! No one told him to get involved in criminal activity. I hope he stays in a jail in Turkey, that is assuming their more harsh.

    I would think this would be all over the news! Oh well, 1 down, million more to go!

  7. Bogwitch January 14, 2009 at 9:20 pm #

    Nah, let him make a deal, promise him an early release and an open prison if he hands over his co-conspiritors. Then give him his 30 years in a Turkish Prison. Give him a reduction in sentence only if he can return what he stole.