One of the leaders of a cybercriminal gang that hacked into payment services provider RBS WorldPay and stole US$9 million has received a six-year suspended sentence in Russia, according to reports.
Viktor Pleshchuk, of St. Petersburg, also received four years of probation and was ordered to pay the equivalent of US$8.9 million in restitution for his role in the November 2008 heist, according to a Bllomberg report. Pleshchuk, who prosecutors said was one of four people to have orchestrated the compromise, received a reduced sentence for cooperating with authorities.
He was arrested earlier this year by the Russian Federal Security Service.
The sentence seems low compared to US standards, especially considering that Pleshchuk was one of the prime coordinators behind the multimillion dollar heist, Chester Wisniewski, senior security adviser at Sophos, told SCMagazineUS.com in an email.
“It is not atypical, however, by international standards, especially considering the victims aren't Russian,” Wisniewski said. “It is a positive sign that the Russians arrested him and charged him at all. Historically, many of these criminals got away scot free.”
Former Soviet states have often been the beneficiaries of this type of crime and turned a blind eye to it, he added. But this case may serve as the “tipping point” that leads to greater cooperation and prosecution.
Pleshchuk faces separate charges in the US that were handed up last November by a federal grand jury in Atlanta.
However, the United States does not have an extradition treaty with Russia, so it is unlikely Pleshchuk will face charges in this country unless he is nabbed while traveling outside of Russia, Graham Cluley, senior security researcher at anti-virus firm Sophos, wrote in a blog post.
Several other Eastern Europeans also face US charges in connection with the hack, including Estonian Sergei Tsurikov, Oleg Covelin from Moldova, and an unnamed person known as "Hacker 3". Each were charged in 16-count indictments alleging wire fraud, conspiracy to commit wire fraud, computer fraud, conspiracy to commit computer fraud, access device fraud and aggravated identity theft.
In addition, four others from Estonia — Igor Grudijev, Ronald Tsoi, Evelin Tsoi, and Mihhail Jevgenov were each indicted on access device fraud charges.
The gang used sophisticated hacking techniques to evade encryption on the network of the US payment processing division of Atlanta-based RBS and compromise prepaid payroll debit cards, prosecutors have said in a statement. The defendants then raised the limits on the accounts, created 44 counterfeit cards and hired a group of "cashers" to use the cards to withdraw more than US$9 million in less than 12 hours from 2,100 cash machines across 280 cities worldwide.
Acting US Attorney Sally Yates said the scheme was "perhaps the most sophisticated and organised computer fraud attack ever conducted.”
Early last month, Tsurikov, another mastermind behind the hack, was extradited from Estonia to the United States and arraigned in US District Court in the Northern District of Georgia for his role in the scheme.
Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face up to 20 years in prison for conspiracy to commit wire fraud and for each wire fraud count, up to five years for conspiracy to commit computer fraud, up to 10 years for each count of computer fraud, and a mandatory two-year sentence for aggravated ID theft. In addition, they each face fines of up to US$3.5 million.
The four facing access device fraud charges face a maximum sentence of up to 15 years and fines of up to $250,000.
A RBS WorldPay spokesperson could not immediately be reached for comment.
See original article on scmagazineus.com