Russian hacker pleads guilty to $419m heist

A Russian man has pleaded guilty to involvement in what authorities called the largest hacking scheme ever prosecuted in the US, after compromising more than 160 million credit card numbers and causing more than US$300 million (A$418.9 million) in losses.

Vladimir Drinkman, 34, admitted to conspiring to illegally access computers and conspiring to commit wire fraud.

Drinkman was accused of working with four other defendants as far back as 2003 to install malware designed to steal data from computer networks of financial companies, payment processors and retailers.

Prosecutors claim the defendants then used an array of computers to store and ultimately sell data they harvested.

Prosecutors alleged 16 companies' networks were infiltrated, including Nasdaq-OMX Group, 7-Eleven, Carrefour, JC Penney, JetBlue Airways, a Visa licensee, and Heartland Payment Systems.

Drinkman, of Moscow and Syktyvkar, Russia, will face up to 30 years in prison on the wire fraud conspiracy count when he is sentenced in January.

He may get a lesser term reflecting his "recognition and affirmative acceptance of personal responsibility," according to his plea agreement. Nine other criminal charges were dismissed.

"Defendants like Vladimir Drinkman, who have the skills to break into our computer networks and the inclination to do so, pose a cutting edge threat to our economic well-being, our privacy and our national security," US attorney Paul Fishman said.

Florian Miedel, a lawyer for Drinkman, did not immediately respond to requests for comment.

The defendant has been in US custody since his extradition from the Netherlands, where he was arrested in June 2012.

Another Russian man implicated in the scheme, 32-year-old Dmitriy Smilianets, is also in US custody after pleading not guilty to all charges he faced in August 2013.

Still at large are Alexandr Kalinin of St. Petersburg, Roman Kotov of Moscow, and Mikhail Rytiko of Odessa, Ukraine.

Drinkman and Kalinin had previously been charged as "Hacker 1" and "Hacker 2" in a 2009 indictment accusing Albert Gonzalez of Miami over his involvement in five corporate data breaches. Gonzalez is serving a 20-year federal prison term.