Ukrainians hacked restaurants in Lynnwood and Everett

A cybercrime group stole more than 15 million customer records from across the U.S.

EVERETT — The Eastern European hackers were as sophisticated as they were prolific.

Their reach was worldwide.

In the U.S. alone, they breached computer networks of businesses in 47 states, stealing more than 15 million customer credit and debit card records from roughly 3,600 separate businesses, mainly in the restaurant, casino and hospitality industries.

The list of infiltrated businesses included a restaurant off Everett Mall Way and another off 196th Street in Lynnwood in March of 2017, according to a 32-page federal indictment released Wednesday.

The Department of Justice announced Wednesday that three high-ranking members of a cybercrime group have been arrested and are in custody facing charges filed in U.S. District Court in Seattle. Court papers identified the suspects as Ukrainian nationals who are part of a hacking group known as FIN7, also called the Carbanak Group and the Navigator Group.

The trio were arrested in Germany, Poland and Spain, said U.S. Attorney Annette Hayes from the Western District of Washington. They’re accused of wire fraud, conspiracy to commit wire and bank fraud, aggravated identity theft and conspiracy to commit computer hacking, among other charges.

Hayes said she hopes the arrests send a message to “these hackers (who) think they can hide behind keyboards in far away places.”

At the same time, Hayes said, “we are under no illusion that we have taken this group down all together.”

“The investigation is not over,” said Jay Tabb, special agent in charge for the FBI’s Seattle Field Office. The FBI has been working with law enforcement worldwide, he said.

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” Tabb said.

FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were used or sold on the Darknet for profit. Hacks also occurred in the United Kingdom, Australia, France and other countries. Some of the companies that disclosed being hacked included Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli. One of the restaurants that fell victim to the cyber ploy was a Chipotle along Everett Mall Way, according to an address listed in the federal indictment.

FIN7 crafted email messages that would appear legitimate, sometimes inquiring about making a catering order. Once an attached file was opened and activated, malware would be used to access and steal payment card data.

The tactic is known as spear phishing.

Samples of the emails look benign. A fictitious James Anhil, for instance, in May 2017 was requesting “a takeout order for tomorrow for 11 a.m.” The email instructed the restaurant worker to open a file for the order.

“It’s completely opaque to them,” Tabb said.

FIN7 also used a front company, believed to be headquartered in Russia and Israel, to provide a guise of legitimacy and recruit hackers, according to the Department of Justice. “Ironically,” the justice department wrote, “the sham company’s website listed multiple U.S. victims among its purported clients.”

Eric Stevick: 425-339-3446;

Talk to us

More in Local News

Officials: Snohomish, other counties not ready for Phase 2

There are too many new daily cases and not enough testing or contact tracing to advance by June 1.

Peter Zieve wants to keep low-income people out of Mukilteo

The controversial aerospace owner and failed council candidate has launched another mailer campaign.

Island County gets go-ahead for Phase 2 of reopening economy

People can gather in groups five or fewer. Some businesses can open, if they follow guidelines.

Everett Farmers Market welcomes back walkers

Social distancing will be key to keeping pedestrians safe at city market.

‘Alarming’ number of motorcycle fatalities to start the year

Twenty-five motorcyclists have died so far this year throughout Washington state.

Marysville drivers wait overnight for Chick-fil-A opening

The popular chicken restaurant began serving at 6:30 a.m. Thursday. Police plan to guide traffic for days.

GOP lawmakers are getting tired of Inslee’s pandemic powers

Some want a special legislative session, saying “it is time for the legislative branch to intervene.”

Small business relief effort inundated with 850 applications

The economy in and around Everett has struggled amid fallen revenues and uncertainty about the future.

Everett’s pickleball and tennis courts are open again

Social distancing is still required, so you can shoot hoops, but it’ll be HORSE and not five-on-five.

Most Read