US Court Sentences Organizer of Notorious Hacking Group to 10 Years

News

A U.S. federal judge sentenced on Friday the former systems administrator of the notorious hacking group FIN7 to 10 years in prison for his role in organizing a criminal network that stole more than a billion dollars from customers whose credit card information was stolen from point-of-sale terminals, according to a Department of Justice (DOJ) press release.

April 20, 2021

Ukrainian national Fedir Hladyr, 35, was sentenced after he pleaded guilty in the Western District of Washington to conspiracy to commit wire fraud and conspiracy to commit computer hacking, according to the press release.

“The defendant and his conspirators compromised millions of financial accounts and caused over a billion dollars in losses to Americans and costs to the U.S. economy,” Acting Assistant Attorney General Nicholas L. McQuaid said in a statement.

The hacking group FIN7 targeted the hospitality sector, using malware to obtain information from over 20 million card transactions from more than 6,500 point-of-sale terminals at over 3,600 U.S. locations, according to the Justice Department.

These attacks compromised computer networks of large chain restaurants like Chipotle Mexican Grill, Jason’s Deli, Chili’s, Arby’s and Red Robin, as well as casinos and other hospitality companies.

The hackers used phishing emails combined with phone calls to create the appearance of a legitimate business contact, enticing the recipient to eventually open an attachment which would unleash a modified version of the Carbanak malware to steal credit card information from the target’s customers. FIN7 then either used the information, or sold it to a third party through online dark markets.

The DoJ emphasized the sophistication of the criminal organization, noting that Hladyr played a key role in organizing and managing people at various levels of FIN7.

“This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems,” said Acting U.S. Attorney Tessa M. Gorman of the Western District of Washington.

“This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”

Hladyr began his work with FIN7 when he started working for a cyber security company called Combi Security which he later discovered was a front for the hacking group.