International cybergang charged with RBS Worldpay hack

By on

International collaboration pays dividends.

Eight Eastern Europeans have been indicted in connection with the hacking of payment services provider RBS WorldPay, which netted the defendants a US$9 million windfall, prosecutors said this week.

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and an unnamed person known as "Hacker 3" were charged by a federal grand jury in Atlanta in 16-count indictments alleging wire fraud, conspiracy to commit wire fraud, computer fraud, conspiracy to commit computer fraud, access device fraud, and aggravated identity theft.

In addition, four others from Estonia -- Igor Grudijev, 31; Ronald Tsoi, 31; Evelin Tsoi, 20, and Mihhail Jevgenov, 33 -- were indicted on access device fraud charges.

The gang evaded encryption on the network of RBS' US payment processing division to compromise prepaid payroll debit cards, prosecutors said in a statement. The defendants then raised the limits on the accounts, created 44 counterfeit cards and hired a group of "cashers" to use the cards to withdraw more than US$9 million in less than 12 hours from 2,100 cash machines across 280 cities worldwide.

Authorities said the indictment will send a message to cybercriminals that international borders do not prevent prosecutions.

"The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners, particularly between the United States and Estonia," U.S. Department of Justice Assistant Attorney General Lanny Breuer said in a statement. "Through our close cooperation, both nations have demonstrated our commitment to identifying sophisticated attacks on US financial networks that are directed and operated from overseas, and our commitment to bring the perpetrators to justice."

Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face up to twenty years in prison for conspiracy to commit wire fraud and for each wire fraud count, up to five years for conspiracy to commit computer fraud, up to ten years for each count of computer fraud, and a mandatory two-year sentence for aggravated ID theft. In addition, they each face fines of up to US$3.5 million.

The four facing access device fraud charges face a maximum sentence of up to fifteen years and fines of up to US$250,000.

Meanwhile, police in Hong Kong have charged two individuals with using the stolen data to withdraw funds from ATMs there.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
atm crime cyber gang hack hackers rbs security worldpay
In Partnership With

Most Read Articles

The CIO moves that made headlines in 2019

The CIO moves that made headlines in 2019
AWS suffers cloud problems in Sydney region

AWS suffers cloud problems in Sydney region
NBN Co reveals active Sky Muster users within 25km of city centres

NBN Co reveals active Sky Muster users within 25km of city centres
Service NSW loses digital chief to Queensland government

Service NSW loses digital chief to Queensland government
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here
Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?

Events

Log In

Username / Email:
Password:
  |  Forgot your password?