Three Fin7 hackers arrested and facing charges of felony and ID theft

The men belong to the Fin7 group, which has been linked to attacks on companies and individuals

Three men accused of leading a hacking group that has allegedly stolen more than 15 million credit card details have been taken into custody by the US Department of Justice.

Dmytro Fedorov (44), Fedir Hladyr (33) and Andrii Kopakov (30) are Ukrainian nationals facing charges of 26 accounts of felony, including wire fraud, conspiracy aggravated identity theft and, of course, hacking.

The Fin7 group, which Fedorov et al. are said to belong to, has also been known as Carbanak and JokerStash.

According to the DoJ, the group used malware to attack more than 120 firms in the USA, Europe and Australia. They also stole credit card details from more than 6,500 ATMs in the US alone, which they then sold on the dark net. Losses are believed to be in excess of $10 million.

Currently only Hladyr is being held in US custody, pending trial. He was arrested by German authorities in January.

Fedorov was also arrested in January, in Poland, while Kopakov is being held in Spain. The DoJ is seeking to have both men extradited.

The FBI agent in charge of the case, Jay Tabb, said, "The naming of these Fin7 leaders marks a major step towards dismantling this sophisticated criminal enterprise."

Dr Steven Murdoch from University College London told the BBC: "The criminal organisation, to which the individuals arrested are alleged to belong, is one of the larger groups, which likely is the reason for it attracting sufficient attention from law-enforcement.

"The clever techniques it used to infiltrate companies demonstrates that it is impossible to guarantee that systems processing card numbers will be protected from all attacks."

Tom Kellermann, chief cybersecurity officer at Carbon Black, said, "The Fin7 arrests underscore how financial motivation continues to play a major role in modern-day bank heists and also how weak security postures at retail stores and financial institutions can result in millions of stolen records.

Commenting on financial gain as the primary motivator for cyber attacks, he added, "We're seeing that motivation play out clearly with Fin7 and other criminal groups. It's clear Eastern European cybercriminals have become the modern Dillinger Gangs of the 1930s, only today's bank heists are conducted with the click of a mouse and the stroke of a key rather than a physical stick-up and a getaway car."

If extradition is successful, the three men will have to face charges on American soil - but may also be investigated by European law enforcement specialists, too.