James Bond type hackers stole $9M in 12 hrs, then they got caught by FBI

November 11, 6:29 AMFBI ExaminerVirginia McCabe

Previous Next

Comment Print Email RSS Subscribe

Subscribe

Get alerts when there is a new article from the FBI Examiner. Read Examiner.com's terms of use.

Email Address   Include other special offers from Examiner.com Terms of Use

File Photo FBI captures alleged perps in one of the worst cyber attack
in history.

Elaborate scheme stole over $9.4 Million from credit card processor at Royal Bank of Scotland "Worldpay" program.

The hacking scheme that netted over $9.4 million sounds more like a plot out of a James Bond novel than a real life plot to hack a pay company and get away scot free. The genius plan was thwarted by the FBI.

In one day an American credit card processor was hacked in what the FBI has called "the most sophistocated and organized computer fraud attack every conducted." 

Viktor Pleshchuk, 28, of St. Petersburg, Russia; Sergei Tsurikov, 25, of Tallinn, Estonia; and Oleg Covelin, 28, of Chi?in?u, Moldova, along with an unidentified individual, have been indicted by a federal grand jury on charges of conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, and aggravated identity theft. Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, each of Tallinn, Estonia, have been indicted by a federal grand jury on charges of access device fraud.  

“Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted. Today, almost exactly one year later, the leaders of this attack have been charged," said Acting United States Attorney Sally Quillian Yates.

"This investigation has broken the back of one of the most sophisticated computer hacking rings in the world. This success would not have been possible without the efforts of the victim, and unprecedented cooperation from various law enforcement agencies worldwide,” according to the FBI.

The FBI alleges defendants Pleshchuk, Tsurikov, and Covelin, obtained unauthorized access into the computer network of “RBS WorldPay,” the U.S. payment processing division of the Royal Bank of Scotland Group PLC, located in Atlanta.

The FBI stated that the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.

Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of “cashers” with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.

The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the “cashers” were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to TSURIKOV, PLESHCHUK and other co-defendants, using means such as WebMoney accounts and Western Union. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach, and has substantially assisted in the investigation.

Throughout the duration of the cashout, Pleshchuk and Tsurikov allegedly monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay. Once the withdrawals were completed, they allegedly attempted to conceal their activities in the RBS WorldPay computer network by destroying and attempting to destroy data.

Tsurikov was not only an alleged hacker, but also distributed fraudulently obtained debit card account numbers and PIN codes to Grudijev  who, in turn, allegedly distributed the information to Defendants Ronlad Tsoi, Evelin Tsoi, Mihhail Jegenov, in Estonia. Together, Ronald Tsoi, Evelin Tsoi and Mihhail Jevgeno allegedly withdrew funds worth approximately $289,000 in U.S. funds from ATMs in Tallinn, Estonia. Charges based on these transactions are pending in Estonia.

The federal indictment charges 16 counts. Count One: charges Pleshchuk, Tsurikov and Covelin, and a fourth unidentified individual of conspiracy to commit wire fraud. Counts Two through 10 are  wire fraud charges brought against Pleshchuk and Tsurikov, aided and abetted by Covelin, and the unidentified hacker, based on the computer commands sent from outside the United States to the computer network of RBS WorldPay in the Northern District of Georgia. Count 11: charges Pleshchuk, Tsurikov, Covelin, and the fourth individual with conspiracy to commit computer fraud. Counts 12 through 14  are substantive charges of computer fraud against the defendants. Count 15 charges these defendants with aggravated identity theft based on the prepaid payroll card account numbers and associated PIN codes they transferred, possessed, and used without authorization in committing the wire fraud. Count 16 charges Ronald Tsoi, Evelin Tsoi and Jevogenoc, aided and abetted by Grudijev with access device fraud. 

The indictment seeks forfeiture of over $9.4 million of proceeds of the crimes from the defendants.