International cybergang charged with RBS Worldpay hack

By on

International collaboration pays dividends.

Eight Eastern Europeans have been indicted in connection with the hacking of payment services provider RBS WorldPay, which netted the defendants a US$9 million windfall, prosecutors said this week.

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and an unnamed person known as "Hacker 3" were charged by a federal grand jury in Atlanta in 16-count indictments alleging wire fraud, conspiracy to commit wire fraud, computer fraud, conspiracy to commit computer fraud, access device fraud, and aggravated identity theft.

In addition, four others from Estonia -- Igor Grudijev, 31; Ronald Tsoi, 31; Evelin Tsoi, 20, and Mihhail Jevgenov, 33 -- were indicted on access device fraud charges.

The gang evaded encryption on the network of RBS' US payment processing division to compromise prepaid payroll debit cards, prosecutors said in a statement. The defendants then raised the limits on the accounts, created 44 counterfeit cards and hired a group of "cashers" to use the cards to withdraw more than US$9 million in less than 12 hours from 2,100 cash machines across 280 cities worldwide.

Authorities said the indictment will send a message to cybercriminals that international borders do not prevent prosecutions.

"The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners, particularly between the United States and Estonia," U.S. Department of Justice Assistant Attorney General Lanny Breuer said in a statement. "Through our close cooperation, both nations have demonstrated our commitment to identifying sophisticated attacks on US financial networks that are directed and operated from overseas, and our commitment to bring the perpetrators to justice."

Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face up to twenty years in prison for conspiracy to commit wire fraud and for each wire fraud count, up to five years for conspiracy to commit computer fraud, up to ten years for each count of computer fraud, and a mandatory two-year sentence for aggravated ID theft. In addition, they each face fines of up to US$3.5 million.

The four facing access device fraud charges face a maximum sentence of up to fifteen years and fines of up to US$250,000.

Meanwhile, police in Hong Kong have charged two individuals with using the stolen data to withdraw funds from ATMs there.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
atm crime cyber gang hack hackers rbs security worldpay
In Partnership With

Most Read Articles

Aussie banks warn customers after fresh PayID data breach

Aussie banks warn customers after fresh PayID data breach
NBN Co's FTTC and HFC build costs rise again

NBN Co's FTTC and HFC build costs rise again
Morrison vows to tame Centrelink IT "beast"

Morrison vows to tame Centrelink IT "beast"
Australia will now headhunt tech talent for permanent residency

Australia will now headhunt tech talent for permanent residency
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?
Follow these steps to prevent targeted attacks
Follow these steps to prevent targeted attacks
Your mobile devices may not be secure – learn how to fix that
Your mobile devices may not be secure – learn how to fix that

Events

Log In

Username / Email:
Password:
  |  Forgot your password?