In 2007, Ukrainian Maksym Yastremsky was the most prolific credit card hacker in the world. He’d stolen over 40 million cards from mostly U.S.-based retailers. He’d cost credit card companies over $11 million.
In 2008 he was arrested in Turkey after the U.S. Secret Service infiltrated his network. Here’s how they did it:
Flashback to 2004, when the Secret Service — which handles currency crimes — got wind of a criminal ring using stolen credit cards to buy high end electronics in the Los Angeles area.
Rather than bust the ring outright, they struck a deal. The ring leader would introduce an undercover Secret Service agent to the source of his stolen credit cards under the guise that the agent was a new partner in the criminal ring. Naturally, the idea was to move up the food chain, and ultimately nab the cyber criminals at the heart of the hacking underworld.
“So what I ended up doing was communicating via instant message and I started talking to people in South East Asia,” said the undercover agent, in an exclusive interview with CNN.
As part of the ruse, the agent explained that he needed all the tools to start a new ring that used phony cards to make purchases — the machines to make the cards, the special plastic to make them out of and, most importantly, the stolen card numbers. For those, he was connected with Yastremsky.
“He had the most recent, the largest credit card data,” said the agent. “Often times I knew about the breaches before they were being reported. These people were my friends online and they were selling me their new databases as they were getting them straight from the breach.”
Yastremsky worked with a variety of hackers to steal the data — sometimes placing malware directly on the networks at major retailers. As soon as you’d swipe your card, the criminals would have your info.
To solidify the burgeoning relationship — and to help build the criminal case — it was decided that the agent would meet with Yastremsky in person. Up until then their meetings had only been online, and Yastremsky was known only by his internet handle — Maksic.
“We met numerous times in South East Asia, and several times in the Middle East,” said the agent, who still works for the Secret Service. “It was business and a mixture of just, of being a friend. We wore towels, beachwear, hung out at the beach, rode wave-runners, went parasailing.”
Related: Massive data theft hit 40% of South Koreans last month
When the Secret Service decided it had enough information, a plan was hatched to make the arrest. It would take place in Turkey, with the help of Turkish police. The Secret Service agent and Yastremsky were there together staying at a resort, and the plan was to go out clubbing that night.
“We just came back home and when we came back to the hotel, the police were in place and they arrested us as we walked back onto the resort,” said the agent, who was also arrested to maintain cover. “I did the first thing that came natural — I just started lying to the police.”
During his whole time undercover, the agent said he never really felt threatened.
“They just seemed like regular individuals, people that you would see on the street, people that you would see on the subway,” he said. “None of them came off as looking like a mafia figure or the next big criminal.”
Yastremsky is now serving 30 years in a Turkish prison on charges related to the credit card thefts.
Since 2008 there have been many new instances of credit card theft — most recently the 40 million credit cards that were compromised through a breach at Target.
While it seems like such cases are on the rise, the Secret Service says that’s not necessarily the case.
“It’s probably a bias to say they are coming fast and furious,” said Ed Lowery, head of the criminal investigative division at the Secret Service. “It just so happens we have three that have all come to light in recent history.”