Federal prosecutors announced indictments against eight people in connection with the theft of more than $9 million from ATMs around the world.
jury has indicted eight people in connection with the theft of more than $9
million from over 2,100 ATMs in at least 280 cities around the world.
The indictment accuses
Viktor Pleshchuk, 28, of
St. Petersburg, Russia;
Sergei Tsurikov, 25, of
Oleg Covelin, 28, of
and an unidentified individual of a
variety of conspiracy and fraud charges. In addition, Igor Grudijev, 31, Ronald
Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, all of
Tallinn, Estonia, were indicted on charges of
access device fraud.
According to authorities,
the group broke into a computer system at RBS WorldPay, the payment-processing
division of Royal Bank of Scotland Group. Once inside, the cyber-thieves
reputedly cloned prepaid
and used them to swipe the loot last November.
"This investigation has
broken the back of one of the most sophisticated
rings in the world," said acting United States Attorney
Sally Quillian Yates in a statement. "This success would not have been possible
without the efforts of the victim, and unprecedented cooperation from various
law enforcement agencies
According to the
indictment, the group compromised the data encryption that was used by RBS
WorldPay to protect customer data on payroll debit cards. Once the encryption
on the card processing system was broken, some of the defendants allegedly
raised the account limits on compromised accounts and gave 44 counterfeit
payroll debit cards to a network of "cashers" to steal the $9 million. The
funds were taken from ATMs across the world, including the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.
coordination of the attack
, the $9 million was stolen in less than 12
hours. According to the feds, the hackers used the cashers to transmit the bulk
of the money back to the group via WebMoney accounts and
The cashers were allowed
to keep 30 to 50 percent of the stolen
Throughout the duration of
the theft, the masterminds monitored the ATM withdrawals in real time from
within the computer systems of RBS WorldPay, authorities said. Once the
withdrawals were completed, the group tried to cover their tracks on the RBS
WorldPay network by destroying and attempting to destroy data.
The indictment seeks
forfeiture of more than $9.4 million of proceeds of the crimes from the