A Nigerian woman this week was sentenced to 2 years, six months in a U.S. prison for taking part in “one of the most sophisticated and organized computer hacking and ATM cashout schemes ever perpetrated,” according to the FBI.
Sonya Martin, 45, was part of a hacking cell that used sophisticated techniques to break the encryption used by payment processor WorldPay US to protect some 1.5 million worldwide customers’ payroll debit card accounts. Employers used the debit cards to pay workers instead of issuing paper checks.
“While this was a complex, internationally coordinated crime with many different players and components, it would not have gotten very far without the cashing crews,” said Brian D. Lamkin, a special agent with the FBI field office in Atlanta. “Today’s sentencing sends a cautionary message to those here in the U.S. who would aid and abet those individuals abroad in such criminal schemes that you will be held accountable.”
Once they breached the database, the hacking group boosted the balances and ATM withdrawal limits on compromised accounts, using lead “cashers” with various debit card account numbers and their associated PINs, to withdraw more than $9 million within a 12-hour span from over 2,100 ATMs in at least 280 cities worldwide in November 2008.
Once the withdrawals were completed, the hackers tried to destroy evidence of their illegal activity, but WorldPay (then known as RBS WorldPay) detected the anomalies and immediately reported the breach.
The breach later cost WorldPay its PCI Standards compliance approval for a few months, when it regained it after showing VISA it had made improvements to its network security.
Martin supervised a cashing crew in Chicago, the FBI said in a news release. “She was given a payroll card number and PIN code, and manufactured counterfeit debit cards based on that information. She gave the counterfeit cards to underlings she recruited and supervised, and together they fraudulently withdrew approximately $80,000 from various Chicago ATMs during the early morning hours of November 8, 2008.”
She was arrested in March 2011 at a New York airport while trying to fly to London. She also was ordered to repay almost $90,000 and serve five years’ probation upon her release from prison.
Another group’s alleged leader, Albert Gonzalez, currently is serving a 20-year prison term for his role in the hacking scheme.