RBS WorldPay Extradition: 'Huge'

Latest Move is Big Step for Cross-Border Cases
The extradition to the U.S. of one of the alleged ringleaders of the 2008 RBS WorldPay data breach represents a "huge turnaround" in cross-border fraud investigations, one security expert says.

Sergei Tsurikov, a Tallinn, Estonia, resident, faced a U.S. magistrate in Atlanta on Aug. 6 to respond to federal charges of conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud and aggravated identity theft. He had already been indicted by a federal grand jury in November 2009, along with seven other named co-conspirators.

Given past challenges in prosecuting cases across borders, Chris Roberts, managing director at OneWorld Labs in Colorado, says the law enforcement cooperation that took place between nations is a "huge turnaround for what was once considered a safe place to conduct 'business' against the United States."

Roberts recalls being in meetings between the United States Secret Service and the FSB (the Russian version of the Secret Service) in which there was little cooperation, "partly because they had their hands tied, and partly because of the involvement of the major crime syndicates in the Russian economy," he says. "The spirit of cooperation has been there, just not the final mechanism to extradite/prosecute the individuals."

Bringing the hackers here for trial is most likely easier and swifter than trying to work through the Russian court system, Roberts says. The challenge now is how to deal with the other foreign individuals implicated in crimes. "Obviously each individual is a worthy catch, but they are the tip of the iceberg," he says. "The corruption and mechanism for both the hack as well as the scam side of the enterprises goes way beyond these few individuals."

Facing Charges

The indictment against the co-conspirators alleges that the group used sophisticated hacking techniques to compromise the data encryption used by RBS WorldPay to protect customer data on payroll debit cards.

Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of "cashers" with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours in November 2008.

Officials say the hackers then tried to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the "cashers" were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov and other defendants using currency transactions through WebMoney accounts and Western Union.

The suspects each face up to 20 years in prison on the conspiracy to commit wire fraud charge. Other charges carry five to 10 years and fines up to $3.5 million. Two suspects were arrested in Hong Kong on charges related to the heist and face criminal proceedings there for taking money from ATMs as part of the $9.5 million fraud.

At the same time Tsurikov was extradited, RBS WorldPay's parent company, the Royal Bank of Scotland (RBS), was slapped with an $8.9 million fine by the UK financial services regulator, the Financial Services Authority, for negligent IT governance.

RBS implemented an IT system in 2006 to screen cross-border transactions, but the bank hasn't tested the system for accuracy since it began, the FSA says. Over a two-year period, the system in question reportedly missed all incoming payments from a foreign source as well as the majority of outgoing payments except for those headed for the United States.

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
