ATM Fraud , Fraud

Feds Extradite 'Most Wanted' ATM Hacker

Also, Swedish Blackshades Malware Mastermind Sentenced
Feds Extradite 'Most Wanted' ATM Hacker

A Turkish man who has been accused of masterminding a string of ATM cash-out attacks dating back to 2008 - and stealing almost $55 million - has been extradited from Germany to face trial in the United States.

See Also: Secure Access in a Hybrid IT World

Ercan Findikoglu (a.k.a. predator, segate), 33, was extradited from Germany to New York on June 23, where he will now face trial, according to the Department of Justice.

Findikoglu was arrested by German police on an international arrest warrant, when visiting Frankfurt in December 2013, after being wanted by the U.S. Secret Service for five years. Prior to his arrest, Findikoglu had been second on the FBI's Cyber Most Wanted list, to which he was added in 2008. He also reportedly faced a Turkish warrant for his arrest and extradition.

A lower German court rejected Findikoglu's subsequent request to have the U.S. extradition request dismissed. But in November, Germany's supreme court, the Bundesverfassungsgericht, ruled that the lower court erred by failing to receive assurances from the United States that Findikoglu would not receive a disproportionate sentence. Under Germany's property-related crime laws - under which Findikoglu was being held - he would have received a maximum sentence of 15 years, whereas he faced up to 247.5 years in the United States, if convicted of all the charges filed against him, German court documents revealed.

The U.S. indictment against Findikoglu was unsealed - albeit in partially redacted form - June 24. The indictment, which was filed July 25, 2013, by the U.S. Attorney for the Eastern District of New York, details 18 charges filed against Findikoglu, including hacking into the computer networks of at least three U.S. payment processors: Fidelity National Information Services, ElectraCard Service and enStage. Findikoglu allegedly coordinated - and received "a significant portion of revenues" from - an attack campaign predicated on fraudulently increasing the credit limit of prepaid debit cards to make unauthorized withdrawals.

Findikoglu has been charged with masterminding a group that made 15,000 such transactions across 18 countries in February 2011, stealing $14 million; 5,700 transactions in December 2012 across 20 countries, stealing $5 million; and February 2013 attacks that resulted in the theft of $40 million, according to the indictment.

Findikoglu's extradition comes as the White House has been pushing to revise U.S. cybercrime laws so that they can be used to prosecute the fraudulent use of U.S. payment card data anywhere in the world (see Fighting U.S. Card Data Fraud Overseas).

"Unlimited Operation" Attacks

In 2013, the government unsealed a four-count federal indictment against eight New York-based members of the alleged cybercrime gang who are accused of participating in the February 2011 attacks, and stealing $2.8 million as part of "cashing crews." According to the newly unsealed indictment against Findikoglu, he allegedly helped to mastermind those attacks.

The men were accused of using "unlimited operation" hacking techniques (see ATM Cash-Outs: An Emerging Scheme). "[This] begins when the cybercrime organization hacks into the computer systems of a credit card processor, compromises prepaid debit card accounts, and essentially eliminates the withdrawal limits and account balances of those accounts," the Department of Justice says. "The elimination of withdrawal limits enables the participants to withdraw literally unlimited amounts of cash until the operation is shut down."

The prosecution against the defendants was led by Loretta Lynch, a former U.S. Attorney for the Eastern District of New York who's now the U.S. attorney general. "In the place of guns and masks, this cybercrime organization used laptops and the Internet," she said. "The organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours."

Blackshades Malware Mastermind Sentenced

In other cybercrime-related news, the Department of Justice announced June 23 that the Swedish co-creator of the Blackshades remote-access tool, 25-year-old Alex Yucel, has been sentenced to 57 months in prison. Yucel pleaded guilty to computer hacking charges in February, relating to the development and sale of the Blackshades malware, which authorities say can be used for everything from launching distributed denial-of-service attacks to stealing online financial account information from victims' computers (see BlackShades Arrests: A Watershed Event?).

"Alex Yucel created, marketed, and sold software that was designed to accomplish just one thing - gain control of a computer, and with it, a victim's identity and other important information," said Manhattan U.S. Attorney Preet Bharara. "This malware victimized thousands of people across the globe and invaded their lives."

Authorities say that Yucel was the first person to have ever been extradited from Moldova to the United States. In addition to the prison term, Yucel must also forfeit $200,000 and all of his computer equipment.

Other alleged cybercrime kingpins who have been extradited to the United States in the past year include the Russians Vladimir Drinkman, who was arrested in Amsterdam on charges of masterminding the biggest hack attack in U.S. history, and Roman Valerevich Seleznev, who was extradited from the Maldives on charges related to the alleged theft and sale of more than 2 million credit card numbers. Both men have pleaded not guilty to the charges filed against them.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.

Around the Network