RBS WorldPay hacker extradited to Atlanta
The U.S. Attorney’s Office for Northern Georgia issued a press release today announcing the extradition of Sergei Tsurikov, one of the alleged leaders of the Eastern European cybercrime group that hacked into RBS WorldPay in Atlanta in 2008. Tsurikov had been indicted in November 2009 on federal charges of conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, and aggravated identity theft. Also indicted at the time were Viktor Pleschuk, 29, of St. Petersburg, Russia, Oleg Covelin, 29, of Chisinau, Moldova, and an unidentified individual. Igor Grudijev, 32, Ronald Tsoi, 32, Evelin Tsoi, 21, and Mihhail Jevgenov, 34, each of Tallinn, Estonia, were indicted at the time on charges related to access device fraud.
According to United States Attorney Sally Q. Yates, the charges and other information presented in court, during November 2008, Pleschuk, Tsurikov, and Covelin allegedly obtained unauthorized access into the computer network of RBS WorldPay, the U.S. payment processing division of the Royal Bank of Scotland Group PLC, located in Atlanta. The processor is the fourth largest in the U.S. according to a recent statement by the bank.
The indictment alleges that the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of “cashers” with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.
The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the “cashers” were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Pleschuk, Tsurikov and other co-defendants, using means such as WebMoney accounts and Western Union. Throughout the duration of the cashout, Pleschuk and Tsurikov allegedly monitored the fraudulent ATM withdrawals in real time from within the computer systems of RBS WorldPay. Once the withdrawals were completed, they allegedly attempted to conceal their activities in the RBS WorldPay computer network by destroying and attempting to destroy data.
The indictment seeks forfeiture of over $9.4 million of proceeds of the crimes from the defendants.
Pleschuk, Tsurikov, Covelin, and the unidentified defendant each face a maximum sentence of up to 20 years for conspiracy to commit wire fraud and each wire fraud count; up to 5 years for conspiracy to commit computer fraud; up to 5 or 10 years for each count of computer fraud; a 2-year mandatory minimum for aggravated identity theft; and fines up to $3.5 million.