November 10, 2009, 12:13PM
U.S. Takes Down $9 Million RBS WorldPay Hacking Ring
6 Comments
U.S. and international prosecutors have taken down a criminal ring that they allege was responsible for an ATM scam last year that stole about $9 million from RBS WorldPay. The criminals were able to evade the company's encryption system used on payroll debit cards and withdraw money from ATMs in 280 cities around the world.
A federal grand jury in Atlanta has indicted eight men in connection with the scheme, including five Estonians, one Russian, one Moldovan and one unidentified man. Prosecutors allege that the men "used sophisticated hacking techniques" to defeat the company's encryption system. The scam, which hit RBS WorldPay last November, involved an elaborate plan in which the attackers first bypassed the encryption on the debit cards, which RBS WorldPay issues to customers for employee payroll purposes. They then raised the limits on the accounts attached to the cards.
Once that was done, the gang then allegedly "provided a network of 'cashers' with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours," the Department of Justice said in a statement on the indictments released Tuesday.
Editor's Pick
See related story: Anatomy of the RBS WorldPay Hack
Justice officials said the hackers then tried to erase their tracks on the card processing network, but that RBS WorldPay identified the fraudulent activity and reported it quickly.
Five of the defendants, Igor Grudijev, Ronald Tsoi, Evelin Tsoi, Mihhail Jevgenov and Sergei Tsurikov are being held in Estonia. Tsurikov is awaiting extradition to the U.S., while the other four are to be prosecuted in Estonia. The other defendants are Viktor Pleshchuk of St. Petersburg, Russia, Oleg Covelin of Chisinau, Moldova, and a person the prosecutors identified only as "Hacker3."
"Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted. Today, almost exactly one year later, the leaders of this attack have been charged. This investigation has broken the back of one of the most sophisticated computer hacking rings in the world. This success would not have been possible without the efforts of the victim, and unprecedented cooperation from various law enforcement agencies worldwide," said Acting U.S. Attorney Sally Quillian Yates of the Northern District of Georgia, in a statement.
Commenting on this Article is closed.
Today's Most Popular
- Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit
- New Tool Will Automate Password Cracks on Common SCADA Product
- How Offensive Research Drives Down the Cost of Attacks
- Researchers Dump Trove of 0Days For Popular Android Applications
- Citadel Malware Authors Adopt Open-Source Development Model
Most Commented Stories
Newsletter Sign-up
Take Our Poll
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
Put 'em under the jail!
I'll bet dollars to donuts that "sophisticated hacking techniques" involved a weak administrator password.
I wouldn't take that bet. You're probably right. The only thing in that indictment that looks somewhat sophisticated is the "reverse engineering" of the PINs, which is a pretty vague description.
Is there any evidence that this same gang is responsible for other cybercrimes? Also wonder who gets the film rights for this story (I already see Harrison Ford as the beleaguered internet cop chasing the bad guys).
Great hacking techniques.
Even if how clever the suspect is, he still go behind bars and pays off!