Security News > 2020 > May > New Yorker Indicted for Stealing Card Data via SQL Injection Attacks
The United States Department of Justice this week announced that a New York City man was charged for his participation in a cybercrime scheme involving the theft and trafficking of payment card data.
The man, Vitalii Antonenko, 28, who was arrested in March 2019, was indicted for conspiring to gain unauthorized access to computer networks and traffic in unauthorized access devices, and for money laundering.
According to the indictment, Antonenko and co-conspirators searched the Internet for vulnerable networks containing card account numbers, expiration dates, and card verification values, along with other personally identifiable information.
Employing SQL injection attacks, they exfiltrated data of interest and put it up for sale on online criminal marketplaces.
Antonenko faces up to 20 years in prison and a $500,000 fine for the charges related to money laundering conspiracy.