A U.S. grand jury has indicted eight people in connection with the theft of more than $9 million from over 2,100 ATMs in at least 280 cities around the world.
The indictment accuses Viktor Pleshchuk, 28, of St. Petersburg, Russia; Sergei Tsurikov, 25, of Tallinn, Estonia; Oleg Covelin, 28, of Chisinau, Moldova; and an unidentified individual of a variety of conspiracy and fraud charges. In addition, Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, all of Tallinn, Estonia, were indicted on charges of access device fraud.
According to authorities, the group broke into a computer system at RBS WorldPay, the payment-processing division of Royal Bank of Scotland Group. Once inside, the cyber-thieves reputedly cloned prepaid ATM cards and used them to swipe the loot last November.
“This investigation has broken the back of one of the most sophisticated computer hacking rings in the world,” said acting United States Attorney Sally Quillian Yates in a statement. “This success would not have been possible without the efforts of the victim, and unprecedented cooperation from various law enforcement agencies worldwide.”
According to the indictment, the group compromised the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Once the encryption on the card processing system was broken, some of the defendants allegedly raised the account limits on compromised accounts and gave 44 counterfeit payroll debit cards to a network of “cashers” to steal the $9 million. The funds were taken from ATMs across the world, including the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.
Underscoring thecoordination of the attack, the $9 million was stolen in less than 12 hours. According to the feds, the hackers used the cashers to transmit the bulk of the money back to the group via WebMoney accounts and Western Union. The cashers were allowed to keep 30 to 50 percent of the stolen funds.
Throughout the duration of the theft, the masterminds monitored the ATM withdrawals in real time from within the computer systems of RBS WorldPay, authorities said. Once the withdrawals were completed, the group tried to cover their tracks on the RBS WorldPay network by destroying and attempting to destroy data.
The indictment seeks forfeiture of more than $9.4 million of proceeds of the crimes from the defendants.