A Fin7 sysadmin has pled guilty – the first higher-up to be found guilty of hacking in a US court.
The long back story begins like this: Once upon a time, there was a cybercrime wolf syndicate who pulled on the sheepskin of a penetration testing company, calling itself Combi Security and offering absolutely zero services or protection… but lots of penetration. We know it better as Fin7, also known as Carbanak Group or Navigator Group, among many other names. Starting in at least 2015, the notorious cybercrime network carried out a highly sophisticated malware campaign targeting more than 100 US companies. Those companies included big retailers like Lord & Taylor and Saks Fifth Avenue but were predominantly in the restaurant, gaming, and hospitality industries: all victims of Fin7’s hacking into thousands of computer systems and theft of millions of customer credit and debit card numbers.
The Feds arrested three high-ranking members of Fin7 in August 2018. All were Ukrainian nationals. And on Wednesday, one of those three – Fedir Oleksiyovich Hladyr – pled guilty to being the sysadmin who ran the group’s IT operations. Each of those three had been charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft. But in the plea agreement filed in the US District Court for the Western District of Washington in Seattle on Wednesday, prosecutors dropped it down to just two charges: conspiracy to commit wire fraud, and conspiracy to commit computer hacking. All together, Hladyr’s looking at a prison sentence of no more than 25 years, plus fines of up to half a million dollars. This makes Hladyr the first member of Fin7 to be found guilty of hacking-related crimes in a US court.