Federal officials indicted eight individuals who allegedly stole more than $9 million in less than 12 hours by illegally accessing payroll debit card information from credit card processor Royal Bank of Scotland (RBS) WorldPay in Atlanta last November.
Altogether, the eight individuals were accused of wire fraud, computer fraud, access device fraud, aggravated identity theft and conspiracy, according to the 16-count indictment filed Tuesday in Atlanta.
The alleged hackers, originating from Russia, Estonia and Moldova, were able to bypass encryption technologies used to protect customer data on RBS payroll debit cards as they were being processed and then raised the limits on the compromised accounts.
Hacker ring organizers then dispatched "cashers" with a total of 44 counterfeit payroll debit cards, which were used to withdraw more than $9.5 million in 12 hours from more than 2,100 ATMs in at least 280 cities including the Ukraine, Italy, Hong Kong, as well as the U.S. on Nov. 8, 2008.
While the cashers were pilfering ATM funds, the ringleaders logged onto the RBS system to monitor the transactions. Once the withdrawals were completed, the men attempted to cover their tracks by destroying data on the RBS network.
At least four individuals named in the indictment were suspected to be part of an international crime ring that helped mastermind the RBS heist, identified as Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 25, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a fourth individual known as "Hacker 3."
In addition to the other charges, the four ringleaders could potentially serve at least two more years in prison for aggravated identity theft and pay additional fines of up to $3.5 million.
The cashers, identified as Ronald Tsoi, 31; Evelin Tsoi, 20; and Mihhail Jevgenov, 33, withdrew a combined $289,000 from ATMs in their home town of Tallinn, Estonia, using card data they received from Igor Grudijev, 31.
Tsurikov, Ronald Tsoi, Evelin Tsoi and Jevgenov were arrested earlier this year in Estonia while a request for a U.S. extradition is pending for Tsurikov.
RBS WorldPay had warned users in December 2008 of a security breach occurring the previous month that compromised 1.5 million payroll and gift card accounts in the U.S, in addition to 1.1 million Social Security records that were also exposed by the breach.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
