Aleksandr Suvorov, of Estonia, was sentenced yesterday to seven years in prison for his role in two separate hacking schemes involving a total of more than 240,000 stolen credit card numbers.
Suvorov, 28, was sentenced by U.S. District Judge Sandra J. Feuerstein in Central Islip, N.Y. Suvorov was an accomplice to Albert Gonzalez, one of the most prolific identity thieves ever prosecuted by the U.S. government.
Suvorov pleaded guilty in May 2009 to a wire fraud conspiracy charge, filed in the Eastern District of New York, for hacking into the national restaurant chain Dave & Buster’s and stealing more than 80,000 credit card numbers. In addition, Suvorov pleaded guilty in November 2011 to a trafficking in unauthorized access devices charge, originally filed in the Southern District of California, related to the sale of more than 160,000 stolen credit card numbers to an undercover agent with the U.S. Secret Service. The cases were consolidated in the Eastern District of New York for sentencing. In addition to his prison term, Suvorov was ordered to pay $675,000 in restitution and to satisfy a $300,000 asset forfeiture judgment stemming from the New York charges.
“Mr. Suvorov participated in a scheme to sell thousands of credit card numbers stolen from unsuspecting consumers,” said Assistant Attorney General Breuer. “Computer hackers like Mr. Suvorov victimize businesses and individuals, posing a serious threat to their financial security. Today’s sentence sends a clear message that cyber criminals operating abroad will suffer severe consequences for their crimes.”
According to court documents, in the New York case, Suvorov, Albert Gonzalez and a third co-conspirator devised a scheme to gain unauthorized access into the computer systems of Dave & Buster’s Inc. for the purposes of installing malicious software and extracting credit card information of the Dave & Buster’s patrons. Gonzalez, who was in Miami, sent a “packet sniffer” to a co-conspirator in Ukraine. The co-conspirator in Ukraine then provided the packet sniffer to Suvorov in Estonia. Suvorov, working with another individual, gained unauthorized access to 11 Dave & Buster’s restaurants throughout the United States, one of which was in Islandia, N.Y., and installed the packet sniffer. Suvorov and his co-conspirators ultimately obtained data from 81,005 credit cards.
Gonzalez was sentenced in March 2010 to 20 years in prison for his role in the Dave & Buster’s hack, as well as hacks into a major payment processor and several retail networks. The other co-conspirator was arrested in Turkey on related identity theft charges, and was sentenced there to 30 years in prison.
In the California case, Suvorov and an accomplice conspired to sell more than 160,000 stolen credit card numbers to a buyer in San Diego who was an undercover agent with the U.S. Secret Service. Suvorov provided the stolen credit card numbers to an accomplice, who in turn sold them to the undercover agent.
Source: U.S. Department of Justice