A Ukrainian hacker who was a member of a well-known cybercrime ring that stole millions of credit-card records has been sentenced to five years in jail in Seattle.
Denys Iarmak, 32, a former FIN7 penetration tester and was a third member of the hacker organization FIN7. He was arrested in Bangkok in November 2019 and extradited to the United States at the request of US investigators and was sentenced to five years in jail on Thursday by the United States Department of Justice (DoJ) for his crimes.
Prosecutors charged him last year with wire fraud and computer hacking conspiracies. US District Judge Ricardo Martinez punished him on April 7, citing the gang plundering the US, which is currently backing Ukraine against Russia’s invasion.
According to prosecutors, FIN7 has been using phishing scams to hack into the computer networks and point-of-sale terminals of around 3,600 businesses in all 50 states since at least 2015. FIN7 targeted persons working in hotels, casinos, and restaurants with fake emails and phone calls. Malicious USB devices that are physically mailed to unwary firms are among the viruses used by the group.
FIN7, according to Blueliv analysts, is a major danger to today’s financial system. Damages to US businesses and consumers total at least $1 billion, according to the DoJ.
Prosecutors say Iarmak worked for the group as a pentester. The 32-year-old was in charge of controlling network intrusions, which is a pen tester’s job.
One of his jobs was to set up “projects” in JIRA to track cyberattacks, including how they started, how they progressed, and data theft. It was possible for people in the group to comment on and give each other advice on projects that they did.
“As one example, Iarmak created a JIRA issue, to which he and other members of the cybergroup had access, for a specific victim company, and, on or about March 3, 2017, Iarmak updated that JIRA and uploaded data he had stolen from that company,” the DoJ says.
FIN7 would deploy malware to gain access to the victim’s financial information, which the gang would later sell or utilize in various illegal ways.
“Iarmak and his conspirators compromised millions of financial accounts, causing over a billion dollars in losses to Americans and costs to America’s economy,” Assistant Attorney General Kenneth Polite said in a news release.
Fedir Hladyr, a FIN7 member, was sentenced to 10 years in prison last year, and Andriy Kolpakov, another conspirator, received seven years.
For $2.5 million, Hladyr agreed to pay back the money he took from FIN7. Wire fraud and computer hacking charges: Kolpakov agreed to pay $2.5 million in restitution after he agreed to plead guilty.
“Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information,” commented US Attorney Nicholas Brown of the Western District of Washington. “To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecution of co-conspirators.”