Wednesday, November 11, 2009

Alleged International Hacking Ring Caught in $9 Million Fraud



Yesterday the Justice Department announced eight indictments in the RBS WorldPay ATM Robbery. To refresh your memory: during the RBS WorldPay ATM heist, 44 counterfeit payroll debit cards were used to withdraw more than $9 million from at least 2,100 ATMs in at least 280 cities worldwide in about 12 hours.



Last year I blogged about the amazing RBS WorldPay Heist.  The original post follows this press release from the Department of Justice:



Department of Justice

Office of Public Affairs



FOR IMMEDIATE RELEASE



Alleged International Hacking Ring Caught in $9 Million Fraud

Major Credit Card Processor Victimized in Elaborate Theft of Account Numbers



Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as "Hacker 3;" have been indicted by a federal grand jury in Atlanta, Ga., on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland.



Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, each of Tallinn, Estonia, have also been indicted by a federal grand jury in Atlanta, Ga., for access device fraud.



The 16-count indictment charges Tsurikov, Pleshchuk, Covelin and "Hacker 3" with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft. The indictment alleges that the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.



Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of "cashers" with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.



The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the "cashers" were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov, Pleshchuk and other co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach.



International cooperation was a significant factor in the resolution of this case. In a joint investigation with U.S. law enforcement authorities, Estonian Central Criminal Police apprehended Tsurikov, Ronald Tsoi, Evelin Tsoi and Jevgenov in Estonia earlier this year. Each is facing related charges in Estonia. Tsurikov is also in custody in Estonia and is pending extradition to the United States. Federal prosecution of the Estonian defendants has been closely coordinated with the Estonian Office of the Prosecutor General. Furthermore, cooperation between the Hong Kong Police Force and the FBI also led to a parallel investigation in Hong Kong, resulting in the identification and arrest of two individuals who were responsible for withdrawing RBS WorldPay funds from ATMs there. The Netherlands Police Agency National Crime Squad High Tech Crime Unit and the Netherlands National Public Prosecutor’s Office also provided significant assistance.



Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face a maximum sentence of up to 20 years in prison for conspiracy to commit wire fraud and each wire fraud count; up to five years in prison for conspiracy to commit computer fraud; up to five or 10 years in prison for each count of computer fraud; a two-year mandatory minimum sentence for aggravated identity theft; and fines up to $3.5 million dollars. The charges against Grudijev, the Tsois and Jevgenov carry a maximum of up to 15 years in prison for each count and a fine of up to $250,000. The indictment also seeks criminal forfeiture of $9.4 million from the defendants.



"The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners, particularly between the United States and Estonia. Through our close cooperation, both nations have demonstrated our commitment to identifying sophisticated attacks on U.S. financial networks that are directed and operated from overseas and our commitment to bringing the perpetrators to justice," said Assistant Attorney General of the Criminal Division Lanny A. Breuer.



"Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted. Today, almost exactly one year later, the leaders of this attack have been charged. This investigation has broken the back of one of the most sophisticated computer hacking rings in the world. This success would not have been possible without the efforts of the victim, and unprecedented cooperation from various law enforcement agencies worldwide," said Acting U.S. Attorney Sally Quillian Yates of the Northern District of Georgia.



"Through the diligent efforts of the victim company and multiple law enforcement agencies within the United States and around the world, the leaders of a technically advanced computer hacking group were identified and indicted in Atlanta, sending a clear message to cyber-criminals across the globe," said FBI Atlanta Field Office Special Agent-in-Charge Greg Jones. "Justice will not stop at international borders, but continue with the on-going cooperation between the FBI and other agencies such as the Estonian Central Criminal Police and the Netherlands Police Agency."



This case is being prosecuted by Assistant U.S. Attorneys Lawrence R. Sommerfeld and Gerald Sachs of the U.S. Attorney's Office for the Northern District of Georgia and by Senior Counsel Kimberly Kiefer Peretti of the Criminal Division’s Computer Crime and Intellectual Property Section. Treaty assistance was provided by the Criminal Division’s Office of International Affairs counsels Betsy Burke, Blair Berman, Roman Chaban, Judith Friedman, Deborah Gaynus, Linda McKinney and Mary McLaren.



This case is being investigated by the FBI. Assistance was provided by international law enforcement partners. The U.S. Secret Service also participated in the investigation. RBS WorldPay immediately reported the crime and has assisted in the investigation.



Here is the original post regarding the RBS WorldPay Breach:

Mother of All Hacks Coming?

December 24th, 2008 - PIN Payments Blog



There is a disturbing development brewing in the payments world. It's bad enough when a retailer's computer security is breached, but now we've got us a completely different ballgame. When hackers penetrate the computer systems of major acquirers and processors, well, to use a famous quote, "We've got a problem, Houston."



This could turn out to be a "Royal pain in the ***" for Visa and MasterCard themselves because acquirers like Royal Bank of Scotland link directly into their networks.



On the surface, this appears to be "one small step for hackers," but it's "one giant step for hack-kind."

 

According to reports I've read this morning, and according to Gartner Research analyst Avivah Litan, this could be the beginnings of the mother of all hack attacks...



“It’s very bad news,” says distinguished analyst Avivah Litan. Unlike retailers’ computer systems, processors’ systems connect directly to the networks of Visa Inc. and MasterCard Inc. “An attacker that breaks into a processor conceivably can get into the heart of the system,” and attacks on acquirers and processors are increasing.







