3 Indicted in Cybercrime SchemeBanks, Businesses, Government Agencies Targeted
Two Ukrainians and an American have been indicted for their alleged involvement in an international cybercrime scheme that used stolen information from banks, businesses and government agencies in an attempt to steal at least $15 million.
See Also: Top 50 Security Threats
Oleksiy Sharapka and Leonid Yanovitsky of Kiev, Ukraine, along with Richard Gundersen of Brooklyn, N.Y., were indicted on charges of conspiracy to commit wire fraud; conspiracy to commit access device fraud and identity theft; and aggravated identity theft, according to the U.S. Attorney's Office for the District of New Jersey.
Sharapka and Yanovitsky, who allegedly directed the conspiracy, worked with conspiring hackers to gain unauthorized access to the bank accounts of customers of more than a dozen financial institutions, businesses and government agencies, prosecutors say. Those include: Aon Hewitt, Automatic Data Processing Inc., Citibank, E-Trade, Electronic Payments Inc., Fundtech Holdings, iPayment Inc.; JP Morgan Chase; Nordstrom Bank, PayPal; TD Ameritrade, U.S. Department of Defense, Defense Finance and Accounting Service, TIAA-CREF, USAA; and Veracity Payment Solutions Inc.
Once the accounts were compromised, the defendants and conspirators allegedly diverted money to bank accounts and pre-paid debit cards they controlled, prosecutors say. A cash-out operation was then launched, employing crews of individuals to make ATM withdrawals and fraudulent purchases in New York, Massachusetts, Illinois, Georgia and elsewhere, the U.S. attorney's office says. Gunderson allegedly facilitated the movement of fraud proceeds.
As part of the scheme, the defendants allegedly stole identities that were used to facilitate the cash-out operation, including transferring money to cards in the names of those stolen identities, prosecutors say. The stolen identities were also used to file fraudulent tax returns with the IRS seeking refunds.
The defendants and conspirators allegedly laundered the proceeds of the scheme overseas.
Sharapka and Yanovitsky are fugitives. Gundersen will be arraigned on the charges on a date to be determined, the U.S. attorney's office says.
Each defendant faces a total of up to 27 years in prison if convicted on all charges, plus fines totaling up to $750,000.
The case highlights the power of information sharing between organizations involved in fighting cybercrime, says Alan Brill, senior managing director at Kroll Solutions, a risk advisory firm.
"The more information to be collected against those who are perpetrating these incidents, the more likely it is that law enforcement can understand how to find them," Brill says. "Also, defensive measures can be better constructed to stop the specifics of a particular type of incident."
Along with the Department of Justice, the agencies involved in this case include: the U.S. Secret Service; U.S. Immigration and Customs Enforcement's Homeland Security Investigations directorate; Department of Defense's Criminal Investigative Service; and IRS-Criminal Investigation. The case was brought in coordination with President Obama's Financial Fraud Enforcement Task Force.
Cybercrime cases like this also show that criminals know no borders, and neither should law enforcement, Brill says. "Remember, these criminals operate in cyberspace," he says. "If we don't get out of the box of traditional thinking about criminal investigations and develop paradigms appropriate to cyberspace, we're giving the criminals an advantage, and that's something that we shouldn't do and that they don't deserve."