Hacker extradited to ATL, arraigned
One alleged leader of a $9 million Eastern European fraud scheme that hacked into the computers of RBS WorldPay in Atlanta, was extradited to the United States and was arraigned Friday.
Sergei Tsurikov, 26, of Tallinn, Estonia, was arraigned before U.S. Magistrate Judge E. Clayton Scofield III, on federal charges of conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, and aggravated identity theft.
Tsurikov was indicted by a federal grand jury on these charges in November 2009, along with Viktor Pleschuk, 29, of St. Petersburg, Russia, Oleg Covelin, 29, of Chisinau, Moldova, and an unidentified individual. The indictment also charged Igor Grudijev, 32, Ronald Tsoi, 32, Evelin Tsoi, 21, and Mihhail Jevgenov, 34, each of Tallinn, Estonia, with access device fraud offenses.
During November 2008, Pleschuk, Tsurikov, and Covelin allegedly obtained unauthorized access into the computer network of RBS WorldPay, the U.S. payment processing division of the Royal Bank of Scotland Group PLC in Atlanta. The indictment alleges the group used sophisticated hacking techniques to compromise the data encryption used by RBS WorldPay to protect customer data on payroll debit cards.
Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts and then provided a network of “cashers” with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.
The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity.
The indictment alleges the “cashers” were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov, Pleschuk and other co-defendants, using means such as WebMoney accounts and Western Union.
Pleschuk and Tsurikov allegedly monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay. Once the withdrawals were completed, Pleschuk and Tsurikov allegedly attempted to conceal their activities in the RBS WorldPay computer network by destroying and attempting to destroy data.
Tsurikov was not only an alleged hacker, but also distributed fraudulently obtained debit card account numbers and PIN codes to Igor Grudijev, who, in turn, allegedly distributed the information to defendants Ronald Tsoi, Evelin Tsoi, and Mihhail Jevgenov in Estonia. Together, Ronald Tsoi, Evelin Tsoi, and Mihhail Jevgenov allegedly withdrew funds worth $289,000 from ATMs in Tallinn, Estonia.
The indictment contains sixteen counts and seeks forfeiture of more than $9.4 million of proceeds of the crimes from the defendants.
Filed under: marketing by TheDoor