International cybergang charged with RBS Worldpay hack

Share this article:

Eight Eastern Europeans have been indicted in connection with the hacking of payment services provider RBS WorldPay, which netted the defendants a $9 million windfall, prosecutors said Tuesday.

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova and an unnamed person known as "Hacker 3" each were charged by a federal grand jury in Atlanta in 16-count indictments alleging wire fraud, conspiracy to commit wire fraud, computer fraud, conspiracy to commit computer fraud, access device fraud and aggravated identity theft.

In addition, four others from Estonia -- Igor Grudijev, 31; Ronald Tsoi, 31; Evelin Tsoi, 20, and Mihhail Jevgenov, 33 -- each were indicted on access device fraud charges.

The gang evaded encryption on the network of RBS' U.S. payment processing division to compromise prepaid payroll debit cards, prosecutors said in a statement. The defendants then raised the limits on the accounts, created 44 counterfeit cards and hired a group of "cashers" to use the cards to withdraw more than $9 million in less than 12 hours from 2,100 cash machines across 280 cities worldwide.

Authorities said the indictment will send a message to cybercriminals that international borders do not prevent prosecutions.

"The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners, particularly between the United States and Estonia," U.S. Department of Justice Assistant Attorney General Lanny Breuer said Tuesday in a statement. "Through our close cooperation, both nations have demonstrated our commitment to identifying sophisticated attacks on U.S. financial networks that are directed and operated from overseas, and our commitment to bring the perpetrators to justice."

Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face up to 20 years in prison for conspiracy to commit wire fraud and for each wire fraud count, up to five years for conspiracy to commit computer fraud, up to 10 years for each count of computer fraud and a mandatory two-year sentence for aggravated ID theft. In addition, they each face fines of up to $3.5 million.

The four facing access device fraud charges face a maximum sentence of up to 15 years and fines of up to $250,000.

Meanwhile, police in Hong Kong have charged two individuals with using the stolen data to withdraw funds from ATMs there.

A RBS WorldPay spokesperson could not be immediately reached.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.