An expert penetration tester working for the notorious cyber-crime gang FIN7 was sent down for seven years on Friday and told to cough up $2.5m for breaking into corporate computer systems.
Andrii Kolpakov, 33, a Ukrainian national, was cuffed by authorities in Lepe, Spain, in 2018, and extradited to the US in 2019. He was a high-ranking member of the crew, and served as its penetration tester from 2016 to 2018, looking for ways to exploit security vulnerabilities in businesses.
FIN7 injected malware into the networks of thousands of American food, hospitality, and gaming chains to steal customers’ financial details. Millions of credit and debit card numbers were scraped and later sold to other miscreants online, who went on spending sprees.
Kolpakov helped his teammates successfully breach fast-food titans like Chipotle, Arby’s, and Chili’s across all 50 states in the US. The Justice Dept said that all in all, FIN7 swiped more than 20 million card details from over 6,500 “individual point-of-sale terminals” at more than 3,600 locations that resulted in over $1bn in fraud and damages. The group also attacked businesses in the UK, Australia, and France.
He pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking, and has now been sentenced to seven years in the clink.
Other FIN7 members have had similar fates for their involvement. Fedir Hladyr, 35, a system administrator of the group also pleaded guilty to the same charges, and was sentenced to 10 years in prison. ®