DoJ Busts Up Eastern European Hacking Ring

A group of eight hackers based in Eastern Europe were indicted on 16 separate federal counts, including computer fraud and aggravated identity theft, for their alleged role in an elaborate scheme that pilfered more than $9 million from an Atlanta-based credit card processing company.

Sergei Tsurikov, 25, of Tallinn, Estonia, Viktor Pleshchuk, 28, of St. Petersburg, Russia, Oleg Covelin, 28, of Chisinau, Moldova and a person known only as “Hacker 3” were indicted Tuesday by a federal grand jury in Atlanta on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, a subsidiary of the Royal Bank of Scotland.

Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, all of Tallinn, Estonia, have also been indicted by the same federal grand jury for access device fraud, according to a Department of Justice statement.

The 16-count indictment charges Tsurikov, Pleshchuk, Covelin and “Hacker 3” with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft.

The indictment alleges that the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards.

Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM rather than through a physical check or through direct deposit.

Justice Department officials said that once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of “cashers” with 44 counterfeit payroll debit cards which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.

“This investigation has broken the back of one of the most sophisticated computer hacking rings in the world,” acting U.S. Attorney Sally Quillian Yates said in a statement. “This success would not have been possible without the efforts of the victim and unprecedented cooperation from various law enforcement agencies worldwide.”

Last month, the FBI and Egyptian law enforcement agencies teamed up to snare 100 alleged phishers and hackers responsible for perpetrating the largest cyber fraud phishing scam in U.S. history.

The high-profile operation, dubbed “Operation Phish Phry,” culminated with a 51-count indictment in early October accusing all 100 defendants with conspiracy to commit wire fraud and bank fraud.

In this latest bust, Justice Department officials claim the Eastern European crooks attempted to destroy data stored on the card processing network in order to conceal their hacking activity.

The indictment alleges that the “cashers” were allowed to keep 30 percent to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov, Pleshchuk and other co-defendants.

RBS WorldPay immediately notified federal authorities once it detected the suspicious activity. The case is being investigated by the FBI with help from international law enforcement partners in Europe, Asia and the U.S. Secret Service.

Tsurikov, Pleshchuk, Covelin and “Hacker 3” each face a maximum sentence of up to 20 years in prison for conspiracy to commit wire fraud and each wire fraud count; up to five years in prison for conspiracy to commit computer fraud; up to five or 10 years in prison for each count of computer fraud; a two-year mandatory minimum sentence for aggravated identity theft; and fines up to $3.5 million dollars.

The charges against Grudijev, the Tsois and Jevgenov carry a maximum of up to 15 years in prison for each count and a fine of up to $250,000. The indictment also seeks criminal forfeiture of $9.4 million from the defendants.