WASHINGTON (11/12/09)--Eight Russian and Eastern European people have been indicted on charges that they are part of an international crime ring that hacked ATMs in hundreds of cities worldwide and stole $9 million within 12 hours. The group is one of two major cyber gangs targeted by law enforcement officials for creating havoc on U.S. financial companies (The Wall Street Journal
Nov. 11). It is considered the more sophisticated of the two rings. The other gang is well known to credit unions. It was responsible for online attacks at Heartland Payment Systems, TJX Cos. and others. Credit unions and other financial institutions ended up replacing millions of credit and debit cards to avoid fraud. Those attacks spawned a series of lawsuits and legislative measures about protecting consumers' personal information. The gang's alleged ringleader, Albert Gonzalez of Florida, was indicted in August with his co-conspirators. The newly indicted group is allegedly responsible for a synchronized maneuver that began on Nov. 4, 2008, when four hackers broke into a computer system at RBS WorldPay Inc., the Atlanta, Ga.-based U.S. payment processing division of Royal Bank of Scotland PLC, said the U.S. Justice Department. Between Nov. 4 and 8, they extracted debit card numbers and personal identification number (PIN) codes from RBS's network. Ringleaders then distributed about 44 card numbers and their PINs to a world-wide network of cashers who used cloned prepaid ATM cards to withdraw cash from 2,100 ATMs in 280 cities, including cities in the U.S. The cybercriminals allegedly targeted payroll debit cards that companies issue employees for withdrawing their salaries. Once in the systems, the hackers increased the maximum withdrawal allowed and tried to destroy data on the systems to cover up the break-in, said prosecutors in Atlanta. The cashers who withdrew funds from the ATMs were permitted to keep a share of the amount withdrawn and return the balance to the hackers. After the withdrawals, the hackers allegedly tried to destroy data on RBS's network to conceal the thefts. Indictments included:
* Viktor Pleshchuk, 28, of St. Petersburg, Russia, who allegedly developed a method used to reverse-engineer PINS from encrypted data on RBS WorldPay's network, and is considered by law enforcement authorities as the leader of the gang; * Sergei Tsurikov, 25, of Tallinn, Estonia, who is awaiting extradition to the U.S. from Estonia in what would be the first extradition of a cybercriminal from Eastern Europe, considered a haven for the cyber underground; and * Oleg Covelin, 28, of Moldova, who allegedly distributed account information to others to withdraw money from the ATMs, according to the indictments.
RBS WorldPay detected the breach on Nov. 10 and disclosed it publicly on Dec. 23. The breach compromised roughly 1.5 million cardholders' accounts.