Eight Eastern Europeans have been indicted in connection with the hacking of payment services provider RBS WorldPay, which netted the defendants a US$9 million windfall, prosecutors said this week.
Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and an unnamed person known as "Hacker 3" were charged by a federal grand jury in Atlanta in 16-count indictments alleging wire fraud, conspiracy to commit wire fraud, computer fraud, conspiracy to commit computer fraud, access device fraud, and aggravated identity theft.
In addition, four others from Estonia -- Igor Grudijev, 31; Ronald Tsoi, 31; Evelin Tsoi, 20, and Mihhail Jevgenov, 33 -- were indicted on access device fraud charges.
The gang evaded encryption on the network of RBS' US payment processing division to compromise prepaid payroll debit cards, prosecutors said in a statement. The defendants then raised the limits on the accounts, created 44 counterfeit cards and hired a group of "cashers" to use the cards to withdraw more than US$9 million in less than 12 hours from 2,100 cash machines across 280 cities worldwide.
Authorities said the indictment will send a message to cybercriminals that international borders do not prevent prosecutions.
"The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners, particularly between the United States and Estonia," U.S. Department of Justice Assistant Attorney General Lanny Breuer said in a statement. "Through our close cooperation, both nations have demonstrated our commitment to identifying sophisticated attacks on US financial networks that are directed and operated from overseas, and our commitment to bring the perpetrators to justice."
Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face up to twenty years in prison for conspiracy to commit wire fraud and for each wire fraud count, up to five years for conspiracy to commit computer fraud, up to ten years for each count of computer fraud, and a mandatory two-year sentence for aggravated ID theft. In addition, they each face fines of up to US$3.5 million.
The four facing access device fraud charges face a maximum sentence of up to fifteen years and fines of up to US$250,000.
Meanwhile, police in Hong Kong have charged two individuals with using the stolen data to withdraw funds from ATMs there.
See original article on scmagazineus.com
International cybergang charged with RBS Worldpay hack
International collaboration pays dividends.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks

Protect APIs. Protect Your Business.

KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Saviynt Simplifies GRC and Access Control for SAP and Beyond