RBS Hacker's Sentence Too Mild

Experts: International Cyber Crime Punishment Too Lax
RBS Hacker's Sentence Too Mild
A Russian court has passed down a suspended sentence with no jail time for one of the hackers involved in the 2009 RBS WorldPay systems heist.

Yevgeny Anikin, 27, got a five-year suspended sentence for his role in $9 million breach that placed 1.5 million U.S. cardholders at risk. The lighter sentence was reportedly handed down because of the assistance Anikin offered authorities with the investigation. He is the second hacker involved in the breach to get off without facing time behind bars. In September, Viktor Pleshchuk, 29, who also was tried in Russia, got a six-year suspended sentence and four years of probation.

Peter Cassidy of the Anti-Phishing Working Group says the slap-on-wrist sentencing should not come as a surprise. "E-crime cases in Eastern Europe, Central Europe and the Baltic States often go unprosecuted or end with suspended sentences, parole or short-time sentences and parole," he says. "In the U.S., where there is mature electronic crime law and federal sentencing guidelines, electronic criminals can be sentenced for decades. Law and, more importantly, culture in parts of Europe can be more matter-of-fact, even nonchalant, about electronic crime, and that gives courts much wider berth."

The hack of Atlanta-based RBS WorldPay, the U.S. payment-processing division of the Royal Bank of Scotland Group, quickly attained notoriety for its sophistication and speed. The scheme included money mules who were hired to withdraw the stolen money from ATMs and store it in safety deposit boxes and luggage lockers at train stations. Within a 12-hour period, $9 million in cash was withdrawn from 2,100 ATMs in 280 cities around the world.

Mike Urban, senior director of fraud solutions for FICO, which provides fraud-detection analysis, says the case shows the need for stronger international punishment for cybercrimes. "If he was sentenced in the U.S., he would more than likely be doing over 10 years in prison," Urban says. "At the end of the day, he stole millions of dollars. Even if it was not a computer crime, anyone committing a felony of that scale would be incarcerated for a long time. There is a need to build better bilateral law enforcement relationships with countries where electronic crimes are committed and where the victims reside."

Four other hackers involved in the breach, Viktor Pleshchuk, Sergei Tsurikov, Oleg Covelin and Vladislav Anatolievich Horohorin were arrested as well, although only Tsurikov was extradited to the U.S. to face charges here. The United States does not have an extradition treaty with Russia. And Horohorin, who in August was arrested in France, could face up to 12 years in prison and fines totaling $500,000.

Cassidy says the culture's apathy is expressed in the sentencing passed down by courts in Central and Eastern Europe. "Still," he says, "electronic crime investigators anywhere would consider any arrest, any prosecution, any conviction and any sentence for electronic crimes in Russia a big step forward in leveling standards of jurisprudence in this body of law between Eastern Europe and the West."

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.