Andrii Kolpakov, Debit and Credit Card Scheme, Washington 2020
Seattle, Washington - A Ukrainian national was sentenced to 7 years in prison for his role in the criminal work of the hacking group FIN7. Andrii Kolpakov, 33, was also ordered to pay restitution in the amount of $2,500,000. At the sentencing hearing, Chief U.S. District Judge Ricardo S. Martinez said, “To indiscriminately prey on millions of people… the consequences must be serious.”
According to documents filed in the case, statements made at the sentencing, and public documents, Andrii Kolpakov served as a high-level hacker, whom the group referred to as a “pen tester,” for FIN7. He was arrested in Lepe, Spain, on June 28, 2018, at the request of U.S. law enforcement and was extradited to the United States on June 1, 2019. In June 2020, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
“This defendant breached the security of numerous U.S. businesses and managed a team of hackers hunting payment card information,” said Acting U.S. Attorney Tessa M. Gorman. “He was not the leader – but he was an instrumental cog in the wheel – training recruits, developing new hacking techniques, and adding to FIN7’s malware arsenal. He left millions of victims in his wake and, together with his fellow hackers, caused tremendous harm to U.S. interests, estimated to be in the billions of dollars.”
According to public documents, since at least 2015 members of FIN7 (also referred to as Carbanak Group and the Navigator Group, among other names) engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, predominantly in the restaurant, gambling, and hospitality industries. FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were then used or sold for profit. FIN7, through its dozens of members, launched waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.
In the United States alone, FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. According to court documents, victims incurred enormous costs that, according to some estimates, exceeded one billion dollars. Additional intrusions occurred abroad, including in the United Kingdom, Australia, and France. Companies that have publicly disclosed hacks attributable to FIN7 include Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.
Kolpakov was involved with FIN7 from at least April 2016, until his arrest in June 2018. He also managed other hackers tasked with breaching the security of victims’ computer systems. During the course of the scheme, Kolpakov received compensation for his participation in FIN7, which far exceeded comparable legitimate employment in Ukraine. Moreover, FIN7 members, including Kolpakov, were aware of reported arrests of other FIN7 members, but nevertheless continued to attack U.S. businesses.
Key Facts
- State: Washington
- Category: Cybercrime
- Source: DOJ Press Release â†â€â€
ðŸâ€Â’ Get the grimiest stories delivered weekly. Subscribe free →