Attacks/Breaches
11/11/2009
11:41 AM
Four Indicted In $9 Million RBS WorldPay Hack

One of the most sophisticated computer hacking rings in the world has been broken, claims Acting U.S. Attorney Sally Quillian Yates.

Four men were indicted on Tuesday for allegedly hacking into Atlanta, Ga.-based payment processor RBS WorldPay and stealing over $9 million from ATMs around the globe.

A federal grand jury returned indictments against Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person identified only as "Hacker 3."

A year ago, RBS WorldPay, owned by the Royal Bank of Scotland, was hacked in what Acting U.S. Attorney Sally Quillian Yates described as "perhaps the most sophisticated and organized computer fraud attack ever conducted."

On December 23, 2008, the company announced that on November 10 of that year, it had discovered "its computer system had been improperly accessed by an unauthorized party."

RBS WorldPay, which processes credit and debit transactions for other financial companies, said that certain personal information for 1.5 million cardholders and other individuals may have been affected and that as many as 1.1 million of these people may have had their social security numbers accessed.

According to the indictment, the alleged fraud arising from the incident involved far less information -- 44 payroll debit cards.

The indictment says that Covelin identified the vulnerability in RBS WorldPay's network that allowed the hackers to get in and that Pleshchuk and Tsurikov "developed a method by which the conspirators reverse engineered Personal Identification Numbers (PINs) from the encrypted data on the RBS WorldPay computer network."

The defendants were then able to raise the withdrawal limits on RBS WorldPay's prepaid payroll cards, which are linked to accounts that receive direct deposit payments for employees.

On or about November 8, 2008, the group allegedly coordinated a distributed series of ATM withdrawals during a twelve-hour period "at over 2,100 ATMs located in at least 280 cities around the world, including in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada."

Over $9 million was stolen, and the "cashers" -- associates who carried out the actual cash withdrawals -- were allowed to keep between 30% and 50% of the amount they withdrew, with the remainder being wired back to the hackers.

Having access to the RBS WorldPay network, Pleshchuk and Tsurikov allegedly monitored the withdrawals and then attempted to cover their tracks by destroying data on the network.
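The pattern the indictment describes, a handful of payroll cards whose limits were raised and then drained at thousands of ATMs across hundreds of cities inside twelve hours, is one a payment processor's transaction monitoring can be built to flag. The Python below is an added example, not code from RBS WorldPay or from the article: it runs two simple detections over constructed sample records, and every card ID, city, limit and amount in it is invented.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; none of this is data from the indictment.
# Withdrawals: (card_id, city, iso_timestamp_utc, amount_usd)
WITHDRAWALS = [
    ("card-A", "Atlanta", "2008-11-08T02:00:00", 400),
    ("card-A", "Moscow", "2008-11-08T02:12:00", 9000),
    ("card-A", "Tallinn", "2008-11-08T02:30:00", 9000),
    ("card-A", "Hong Kong", "2008-11-08T03:05:00", 9000),
    ("card-B", "Toronto", "2008-11-08T09:00:00", 200),
    ("card-B", "Toronto", "2008-11-08T18:00:00", 100),
    ("card-C", "Rome", "2008-11-07T08:00:00", 300),
    ("card-C", "Milan", "2008-11-09T08:00:00", 300),  # two cities, but 48h apart
]
# Limit changes: (card_id, iso_timestamp_utc, old_limit_usd, new_limit_usd)
LIMIT_CHANGES = [
    ("card-A", "2008-11-08T01:40:00", 500, 100000),  # 200x jump, then a burst
    ("card-B", "2008-11-01T10:00:00", 500, 750),     # routine, modest raise
]

def _events_by_card(withdrawals):
    """Group withdrawals per card as time-sorted (datetime, city, amount) tuples."""
    by_card = defaultdict(list)
    for card, city, ts, amount in withdrawals:
        by_card[card].append((datetime.fromisoformat(ts), city, amount))
    for events in by_card.values():
        events.sort()
    return by_card

def flag_distributed_cashout(withdrawals, window_hours=12, min_cities=3):
    """Cards withdrawn in >= min_cities distinct cities within any window_hours span.
    Returns {card_id: sorted cities seen in the first offending window}."""
    window = timedelta(hours=window_hours)
    flagged = {}
    for card, events in _events_by_card(withdrawals).items():
        for i, (start, _, _) in enumerate(events):
            cities = {city for t, city, _ in events[i:] if t - start <= window}
            if len(cities) >= min_cities:
                flagged[card] = sorted(cities)
                break
    return flagged

def flag_limit_raise_then_spend(limit_changes, withdrawals, window_hours=12, ratio=10.0):
    """Cards whose limit jumped by >= ratio and whose withdrawals in the following
    window_hours exceeded the OLD limit. Returns {card_id: total_spent_in_window}."""
    window = timedelta(hours=window_hours)
    by_card = _events_by_card(withdrawals)
    flagged = {}
    for card, ts, old, new in limit_changes:
        if old <= 0 or new / old < ratio:
            continue  # small or routine adjustments are not interesting here
        t0 = datetime.fromisoformat(ts)
        spent = sum(a for t, _, a in by_card.get(card, []) if t0 <= t <= t0 + window)
        if spent > old:
            flagged[card] = spent
    return flagged
```

Both checks are deliberately rule-based so an analyst can tune the window, city count and ratio against real baselines; in production they would run over the processor's authorization stream rather than an in-memory list.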

If convicted, the four men face up to 20 years in prison on the wire fraud charges; up to five years in prison for conspiracy to commit computer fraud; as many as 10 years in prison for each count of computer fraud; a two-year mandatory minimum sentence for aggravated identity theft; and fines of up to $3.5 million, according to the U.S. Department of Justice.

