Authorities say the alleged hackers obtained more than 5,000 customer credit card numbers, which they then used to make fraudulent purchases around the world using software called "packet sniffers," which vacuumed up card data used at the restaurant and arcade chain.
A criminal complaint also charged Albert Gonzalez, aka "Segvec" and "SoupNazi," of Miami with wire fraud conspiracy related to the criminal scheme. According to the complaint, Internet chat room conversations indicate Gonzalez provided the sniffer software used to intercept the credit and debit card numbers.
According to the court records, Yastremskiy, aka "Maksik," and Suvorov, aka "JonnyHell," installed the "packet sniffer" software, which was designed to intercept networked computer transmissions, onto Dave & Buster's computers.
Yastremskiy and Suvorov allegedly gained entry into 11 of the company's cash registers that were linked to point of sale (POS) computer servers, including servers in Arundel, Md., and Islandia, N.Y. The POS computer servers collect and transmit the card numbers, expiration dates and security code data to the company's headquarters, and they are then verified through a third party vendor that validates the information.
From May 2007 to September 2007, the hackers allegedly obtained about 5,100 Visa and MasterCard numbers and 32 American Express numbers from their software.
Of these cards, they allegedly used 675 account numbers to make fraudulent purchases worth an estimated $600,000.
Yastremskiy -- who, according to the criminal complaint, "was one of the biggest resellers of stolen credit card data targeted by the USSS [United States Secret Service]," -- was arrested by the Turkish National Police in July 2007. Suvorov was arrested by German authorities in March 2008.
Both men are awaiting extradition to the United States to face charges here. Lawyers for the men could not be located.
Working with the Turkish police, the U.S. Secret Service gained access to Yastremskiy's laptop computer, where investigators say they found "millions of stolen credit card numbers" and a file that contained the software used in the Dave & Buster's hacking intrusions.
Dave & Buster's became aware of the intrusions in September 2007, and contacted the Secret Service, according to the court records. The Justice Department says the company has been cooperating in the investigation.
Calls to Dave and Buster's headquarters were not immediately returned.