Federal officials charged eight members of a Ukrainian cybercrime ring this week after they allegedly tried to illegally access the networks of a number of financial institutions including Citibank, JP Morgan Chase, TD Ameritrade and PayPal, along with the U.S. Department of Defense’s Finance and Accounting Services service, among others.

The gang allegedly stole in excess of $15 million via money laundering and identify theft after extracting customer account information from 15 different payment processors, banks and online brokers.

The two ringleaders, Oleksiy Sharapka, 33, and Leonid Yanovitsky, 38, both of Kiev, Ukraine, remain at large, according to reports this afternoon. Sharapka had previously been in custody in Massachusetts and served a 102-month federal sentence from 2004 to 2012 before being deported to Ukraine last spring, according to prosecutors in New Jersey.

While primarily based in Ukraine, the ring extended to New York City, Atlanta and two towns on the outskirts of Boston. Oleg Pidtergerya, 49, of Brooklyn, N.Y.; Robert Dubuc, 40, of Malden, Mass.; Andrey Yarmolitskiy, 41, of Atlanta, Richard Gunderson, 46, of Brooklyn, and Lamar Taylor, 37, of Salem, Mass. were charged with three counts of conspiracy, one for wire fraud, one for money laundering and one for identity theft on Wednesday. While Pidtergerya, Ostapyuk and Dubuc were arrested in Brooklyn and Malden on Wednesday, Yarmolitskiy was arrested when he flew into John F. Kennedy International Airport on Tuesday.

The remaining two co-conspirators, Gunderson and Taylor, are currently being pursued, according to reports.

From March 2012 to June 2013, the suspects hacked into the servers of banks, secured customers’ information and funneled money from legitimate bank accounts to prepaid debit cards. “Cashers” in the U.S. cashed out the accounts via ATMs and by making fake purchases as part of what the federal complaint (.PDF) refers to as the “Sharapka Cash Out Organization.”

According to the complaint, the conspirators also defrauded the IRS by faking tax returns in the names of the identity theft victims. The ring received about $20,000 in fake tax refunds from June to July, 2012.

Fifteen companies were victimized in the attacks, including Aon Hewitt, Automated Data Processing Inc., Citibank N.A., E-Trade, Electronic Payments Inc., Fundtech Holdings LLC, iPayment Inc., JP Morgan Chase Bank N.A., Nordstrom Bank, PayPal, TD Ameritrade, the U.S. Department of Defense’s Defense Finance and Accounting Service, TIAA-CREF, USAA, and Veracity Payment Solutions Inc.

Categories: Hacks