Feds Charge Eight In $9 Million RBS Debit Card Hack

Altogether, the eight individuals were accused of wire fraud, computer fraud, access device fraud, aggravated identity theft and conspiracy, according to the 16-count indictment filed Tuesday in Atlanta.

The alleged hackers, originating from Russia, Estonia and Moldova, were able to bypass encryption technologies used to protect customer data on RBS payroll debit cards as they were being processed and then raised the limits on the compromised accounts.

Hacker ring organizers then dispatched "cashers" with a total of 44 counterfeit payroll debit cards, which were used to withdraw more than $9.5 million in 12 hours from more than 2,100 ATMs in at least 280 cities including the Ukraine, Italy, Hong Kong, as well as the U.S. on Nov. 8, 2008.

While the cashers were pilfering ATM funds, the ringleaders logged onto the RBS system to monitor the transactions. Once the withdrawals were completed, the men attempted to cover their tracks by destroying data on the RBS network.

At least four individuals named in the indictment were suspected to be part of an international crime ring that helped mastermind the RBS heist, identified as Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 25, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a fourth individual known as "Hacker 3."

In addition to the other charges, the four ringleaders could potentially serve at least two more years in prison for aggravated identity theft and pay additional fines of up to $3.5 million.

The cashers, identified as Ronald Tsoi, 31; Evelin Tsoi, 20; and Mihhail Jevgenov, 33, withdrew a combined $289,000 from ATMs in their home town of Tallinn, Estonia, using card data they received from Igor Grudijev, 31.

Tsurikov, Ronald Tsoi, Evelin Tsoi and Jevgenov were arrested earlier this year in Estonia while a request for a U.S. extradition is pending for Tsurikov.

RBS WorldPay had warned users in December 2008 of a security breach occurring the previous month that compromised 1.5 million payroll and gift card accounts in the U.S, in addition to 1.1 million Social Security records that were also exposed by the breach.