(Credit:
U.S. Department of Justice)
A group of Eastern Europeans was charged with hacking into the network of payment processor RBS WorldPay and using counterfeit debit cards at ATMs around the world to steal more than $9 million, the U.S. Justice Department said on Tuesday.
Four of the defendants allegedly collaborated to break into the RBS WorldPay network on November 4, 2008, where they got access to the account numbers for prepaid payroll cards used by employees to withdraw salaries from ATMs, according to the indictment from a federal grand jury in Atlanta. The defendants allegedly reverse-engineered the PINs associated with the accounts from the encrypted data on the network.
The defendants then allegedly raised the account limits on the compromised accounts and provided a network of "cashers" with 44 fake debit cards, according to the Justice Department. The cards allegedly were used November 8, 2008, to withdraw money from more than 2,100 ATMs in at least 280 cities, including in North America, Russia, Ukraine, Estonia, Italy, Hong Kong and Japan, in less than 12 hours.
The cashers were allegedly allowed to keep 30 percent to 50 percent of the stolen money and sent the remainder back to the hackers, according to the 16-count indictment.
"Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted," acting U.S. Attorney Sally Quillian Yates of the Northern District of Georgia said in a statement. "Today, almost exactly one year later, the leaders of this attack have been charged. This investigation has broken the back of one of the most sophisticated computer hacking rings in the world."
Indicted on charges of conspiracy, wire fraud, computer fraud, access device fraud, and identity theft charges were: Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and an unidentified defendant known only as "Hacker 3."
The alleged cashers, indicted for access device fraud, are all from Tallinn, Estonia. They are: Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33.
Tsurikov, the Tsois and Jevgenov were arrested earlier this year and Tsurikov faces extradition to the U.S., officials said. Two people in Hong Kong have been arrested for allegedly withdrawing funds from ATMs there.
RBS WorldPay, part of Royal Bank of Scotland, is based in Atlanta.
The FBI is looking for suspects caught on video cameras who allegedly used cloned payroll debit cards to withdraw money from ATMs in a multi-city crime spree late last year, according to the Chicago Tribune.
The FBI in Chicago released surveillance photos of two suspects at ATMs allegedly participating in a worldwide scam using cards created by hackers who breached the computer of RBS WorldPay, a firm in Atlanta that processes financial transactions. Money from 100 accounts was withdrawn during a 10-hour period on November 8, the report said.
Fox 5 News reported earlier this week that as much as $9 million was withdrawn using the cloned cards from more than 130 different ATMs in nearly 50 cities.
RBS WorldPay announced in December that its computer network had been breached, exposing data of as many as 1.5 million cardholders and 1.1 million Social Security numbers.
Another payment processor, Heartland Payment Systems, reported on Inauguration Day last month that its network had been breached. That breach has led to a lawsuit.
Over 1 million American Express, Royal Bank of Scotland, and NatWest customers' details have been sold on eBay.
The details were stored on a server, bought for just over 35 British pounds ($64) by Andrew Chapman, an IT manager from Oxford, England, last week. Chapman told CNET News sister site ZDNet UK on Tuesday that the server, a network attached storage (NAS) box, contained unencrypted backups of CDs.
"A professional organization holding this kind of data should have tested the disks to make sure (the information) was destroyed," said Chapman.
The computer had been used by data-archiving firm Graphic Data to store the details on behalf of RBS, of which NatWest is a subsidiary. Details included names, addresses, bank account numbers, telephone numbers and customer signatures.
RBS said on Tuesday that it was in the process of investigating the incident.
... Read more- prev
- 1
- next
