Federal authorities in New Jersey charged eight people on Wednesday who they believe were part of an international cyber fraud ring that stole more than $15 million from American bank customers.
The defendants are accused in a criminal complaint of conspiracy to commit wire fraud, money laundering and identity theft, according to a release by the U.S. Attorney's office.
The fraud operation began in 2011 when the hackers began accessing accounts at 15 prominent financial institutions, including JPMorgan Chase, Citibank, E-Trade, as well as payroll processor Automated Data Processing (ADP).
According to the release, once the miscreants compromised the accounts they would send fraudulent transfers to prepaid debit cards they controlled. Stolen funds would then be withdrawn from the debit cards by “cashers” through ATM withdrawals and fraudulent purchases in New York, Massachusetts, Illinois, Georgia and other states.
Many of the dubious prepaid debit cards were in the name of Oleksiy Sharapka, 33, of Kiev, Ukraine, who is believed to be the ringleader of the operation. From October 2011 to June 2013, ADP computer servers were illegally accessed by the ring, and about $4 million from 130 compromised accounts were transferred to the cards.
Part of the scheme included stealing the identities of individuals in the United States whose names were used on fabricated debit cards in order to retrieve cash from the stolen accounts. The identities were also used to file false tax returns to the IRS in order to seek refunds, according to the release.
Four of the individuals involved in the ruse are already in custody, while the others, including Sharapka, remain at large.
If convicted, the defendants face a penalty of 20 years in prison on the charge of conspiracy to commit wire fraud, 20 years for money laundering, and 15 years for the identity theft count.
