Attacks/Breaches
11/11/2009
11:41 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Four Indicted In $9 Million RBS WorldPay Hack

One of most sophisticated computer hacking rings in the world has been broken, claims Acting U.S. Attorney Sally Quillian Yates.

Four men were indicted on Tuesday for allegedly hacking into Atlanta, Ga.-based payment processor RBS WorldPay and stealing over $9 million from ATMs around the globe.

A federal grand jury returned indictments against Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person identified only as "Hacker 3."

A year ago, RBS WorldPay, owned by the Royal Bank of Scotland, was hacked in what Acting U.S. Attorney Sally Quillian Yates described as "perhaps the most sophisticated and organized computer fraud attack ever conducted."

On December 23, 2008, the company announced that on November 10 of that year, it had discovered "its computer system had been improperly accessed by an unauthorized party."

RBS WorldPay, which processes credit and debit transactions for other financial companies, said that certain personal information for 1.5 million cardholders and other individuals may have been affected and that as many as 1.1 million of these people may have had their social security numbers accessed.

According to the indictment, the alleged fraud arising from the incident involved far less information -- 44 payroll debit cards.

The indictment says that Covelin identified the vulnerability in RBS WorldPay's network that allowed the hackers to get in and that Pleshchuk and Tsurikov "developed a method by which the conspirators reverse engineered Personal Identification Numbers (PINs) from the encrypted data on the RBS WorldPay computer network."

The defendants were then able to raise the withdrawal limits on RBS WorldPay's prepaid payroll cards, which are linked to accounts that receive direct deposit payments for employees.

On or about November 8, 2008, the group allegedly coordinated a distributed series of ATM withdrawals during a twelve hour period "at over 2,100 ATMs located in at least 280 cities around the world, including in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada."

Over $9 million was stolen and the "cashers" -- associates who carried out the actual cash withdrawals -- were allowed to allowed to keep between 30% and 50% of the amount they withdrew, with the remainder being wired back to the hackers.

Having access to the RBS WorldPay network, Pleshchuk and Tsurikov allegedly monitored the withdrawals and then attempted to cover their tracks by destroying data on the network.

If convicted, the four men face up to 20 years in prison for wire fraud charges; up to five years in prison for conspiracy to commit computer fraud; as many as 10 years in prison for each count of computer fraud; a two-year mandatory minimum sentence for aggravated identity theft; and fines up to $3.5 million dollars, according to the U.S. Department of Justice.

How are you dealing with data-centric security? Answer our survey by Friday, Nov. 13, and be eligible to win an iPod Touch. Click here to take part.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.