RBS WorldPay Hacker Gets Hefty Sentence

Instrusion Led to $9 Million in Fraudulent ATM Withdrawals
RBS WorldPay Hacker Gets Hefty Sentence

A hacker involved in the RBS WorldPay network intrusion in November 2008, which led to $9 million in fraudulent ATM withdrawals, has been sentenced to 11 years in prison.

See Also: Check Kiting In The Digital Age

Sergei Nicolaevich Tsurikov of Estonia pleaded guilty back in 2012 to conspiracy to commit wire fraud and computer intrusion, according to the U.S. Attorney's Office for the Northern District of Georgia.

In addition to his prison term, Tsurikov has been ordered to pay restitution totaling $8.4 million.

"In just one day in 2008, an American credit card processor was hacked in perhaps one of the most sophisticated and organized computer fraud attacks ever conducted," says U.S. Attorney Sally Quillian Yates. "This prosecution was successful because of the efforts of the victim, and unprecedented cooperation from various law enforcement agencies worldwide."

Back in August 2012, Sonya Martin, a Chicago resident who was the accused leader of one of the hacking cells involved in the massive heist, was sentenced to 30 months in prison. Martin's role in the scheme included assisting in fraudulently withdrawing funds from ATMs.

Prosecutors say Tsurikov was among a group of hackers who obtained unauthorized access to the RBS WorldPay computer network, which at the time was the U.S. payment processing division of the Royal Bank of Scotland Group. RBS WorldPay now operates as WorldPay and continues to serve as a payment processing company.

RBS WorldPay disclosed the breach in January 2009, saying that the personal information of 1.5 million cardholders may have been affected.

ATM Withdrawal Scheme

The hacker group used techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards, which are used by various companies to pay their employees, according to authorities.

Once the hackers compromised the encryption on the card processing system, they raised the limits on the compromised accounts and then provided a network of so-called "cashers" 44 counterfeit payroll debit cards, authorities say.

Over a span of less than 12 hours, the cashers withdrew more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including the U.S., Russia, Hong Kong and Canada, prosecutors say (see: ATM Fraud Linked In RBS WorldPay Card Breach).

Following the breach, the hackers then worked to destroy data stored on the card processing network to conceal their activity, authorities say. Cashers involved in the scheme were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov and his co-defendants, according to prosecutors.

Eight alleged participants in the RBS WorldPay hacking operation were indicted in November 2009 for their role in the ATM fraud scheme (see: 8 Hackers Indicted in $9 Million ATM Theft).

Those indicted, including Tsurikov, were charged with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft.

In 2010, Russian authorities arrested three men involved in the scheme, including Tsurikov, who was turned over to Russia by Estonian authorities (see: Russians Arrest 3 in RBS WorldPay Heist). Tsurikov was eventually extradited to the U.S. to face charges.

A Russian court in February 2011 passed down a suspended five-year sentence with no jail time to Yevgeny Anikin, one of the hackers involved (see: RBS Hacker's Sentence Too Mild).

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.