Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information on the 2024 Campaign is available now.  Click here to find out more.

Mykhaylo Sergiyovich Rytikov

Mykhaylo Sergiyovich RytikovRytikov alternate imageRytikov alternate

ALIASES: Mikhail Sergeevich Rytikov, Mykhaylo Sergiyovich Titov, Mikhail Sergeevich Titov, Михайло Сергійович Ритіков, Михаил Сергеевич Рытиков, Михайло Сергійович Тітов, Михаил Сергеевич Титов, “AbdAllah,” “Abdulla,” “Boss,” “Rasul”
DOB: May 25, 1987


The indictment in this matter alleges that, in the District of New Jersey, from at least August 2005 to on or about July 2012, Mykhaylo Sergiyovich Rytikov and other co-conspirators operated a prolific hacking organization that was responsible for several of the largest known data breaches. Among other exploits during that period, the defendants and their co-conspirators penetrated the secure computer networks of several of the largest payment processing companies, retailers, and financial institutions in the world, and stole the personal identifying information of others. In furtherance of these schemes, Rytikov, in his capacity as a provider of computer and server infrastructure, would lease hacking platforms to other co-conspirators in order to allow them to launch attacks against victim networks. 

Specifically, Rytikov offered "bulletproof hosting" services (i.e., leasing servers from which law enforcement supposedly could not gain access or obtain information) to his co-conspirators. Rytikov’s bulletproof hosting services included frequently changing the locations of hacking platforms, erasing the contents of hacking platforms on short notice, accepting false credentials to register and lease hacking platforms, and discouraging Internet service providers (ISPs) from deactivating hacking platforms suspected of illegal activity. As a result of this conduct, financial institutions, credit card companies, and consumers suffered hundreds of millions of U.S. dollars in losses.

In the Eastern District of Virginia, from at least January 2009 to on or about June 2009, Rytikov and a co-conspirator operated an online “dumps-checking” service whereby, for a fee, customers involved in criminal activities could check batches of stolen credit and debit card numbers from various financial institutions to confirm which accounts were still active and valid so that further fraudulent transactions and charges could be made. Rytikov hosted and serviced the dumps-checking server for the co-conspirator. Rytikov and the co-conspirator used the dumps-checking server to check and store about 1,800,000 unique payment card numbers along with victim cardholders’ personal identifying information and addresses. In total, Rytikov and the co-conspirator caused victims to lose over $12 million U.S. Dollars.

The prosecution is being handled by the U.S. Attorney’s Office in New Jersey, the U.S. Attorney’s Office in the Eastern District of Virginia, and the U.S. Department of Justice Criminal Division’s Computer Crime and Intellectual Property Section.

Relevant Links

The charges and allegations contained in the indictments are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

If you have information regarding this individual, please contact the U.S. Secret Service at