In November 2008, with the US transfixed by a presidential election and a collapsing economy, a group of international hackers infiltrated the computer network of a major financial services company in what authorities describe as one of the most sophisticated attacks ever concocted.
Their work was both furtive and impressive: Around the time Barack Obama was securing his White House victory, the hackers entered RBS WorldPay servers, accessed prepaid payroll card numbers, cracked their encrypted PIN codes, raised the balances on the cards and distributed dozens of them to a team of people around the world.
Then, in the span of 12 hours around Nov. 8 of that year, the group hit 2,100 ATM terminals in 280 cities spanning the world, from the US to Russia and Italy to Japan. Prosecutors say they withdrew US$9 million — a haul that rivals 1,000 typical bank robberies in the US.
Despite the technical and international challenges of the case, US investigators believe they were able to trace the scheme back to its origin. On Friday, they brought one of the accused ringleaders from Estonia to Atlanta to face arraignment on several fraud charges — a rare appearance in US courts for an accused international hacker.
Sergei Tsurikov, 26, of Tallinn, Estonia, pleaded not guilty at his arraignment to conspiracy to commit computer fraud, computer fraud, conspiracy to commit wire fraud, wire fraud and aggravated identity theft.
FBI officials said in interviews that they weren’t so much drawn to the case by the dollar amount of the RBS heist, but by the coordination. It exemplified the international scope and increasing acumen of cyber attacks.
“As people become more technically proficient and get access to the Internet, we see this crime showing up in more and more places,” said Pat Carney, who supervised the RBS case at the FBI’s headquarters.
With such an increasing need for cyber defenses, the FBI has ramped up its focus, training 900 agents in how to handle such crimes. In the RBS case, they quickly mobilized a group of FBI experts on the topic to descend on Atlanta, Georgia, where RBS is based, and track down the culprits.
While US authorities have been able to crack down on cyber crimes originating in the US, the FBI has had to increasingly rely on foreign partners to restrict attacks coming from overseas, in places like Egypt, Turkey and Hong Kong. Federal officials praised authorities in Estonia for assisting in both the investigation and extradition in the hacker case.
The increasing scope of foreign attacks comes as college students around the world are focusing heavily on technology degrees only to emerge into a difficult job market with low pay, officials said.
“When you can’t find a legitimate job making big money, you find some way to make money,” said Colleen Moss, the head of the FBI’s Cyber Crime Squad in North Carolina. “There’s a lot of high-tech trained folks out there who either don’t have a job or aren’t making what they’d like to.”
The RBS case began when a 29-year-old Moldovan man, Oleg Covelin, found a vulnerability in the computer network run by RBS, the FBI said. He passed the details along to Tsurikov in Estonia, according to FBI officials, and he conducted “reconnaissance” to assess the vulnerability before sharing his findings with a colleague in Russia.
After breaking into the system, the team distributed 44 counterfeit cards to a network of “cashers” around the world.
Though the hackers attempted to cover their tracks, RBS noticed the activity and reported it to the FBI. They managed to trace the culprits, relying on cyber forensics, international banks and foreign authorities.
“What made this case different was the scope, the timing and the coordination,” said Doris Gardner, an FBI special agent who worked on the case. “It was very sophisticated.”
Tsurikov was indicted last year in the case along with Viktor Pleshchuk of St Petersburg, Russia, Covelin of Chisinau, Moldova, and three others from Estonia. The three leading suspects have been convicted in Estonia. In the US, they face up to 20 years in prison for wire fraud charges and between five and 10 years for computer fraud charges.
Yemen’s separatist leader has vowed to keep working for an independent state in the country’s south, in his first social media post since he disappeared earlier this month after his group briefly seized swathes of territory. Aidarous al-Zubaidi’s United Arab Emirates (UAE)-backed Southern Transitional Council (STC) forces last month captured two Yemeni provinces in an offensive that was rolled back by Saudi strikes and Riyadh’s allied forces on the ground. Al-Zubaidi then disappeared after he failed to board a flight to Riyadh for talks earlier this month, with Saudi Arabia accusing him of fleeing to Abu Dhabi, while supporters insisted he was
‘SHOCK TACTIC’: The dismissal of Yang mirrors past cases such as Jang Song-thaek, Kim’s uncle, who was executed after being accused of plotting to overthrow his nephew North Korean leader Kim Jong-un has fired his vice premier, compared him to a goat and railed against “incompetent” officials, state media reported yesterday, in a rare and very public broadside against apparatchiks at the opening of a critical factory. Vice Premier Yang Sung-ho was sacked “on the spot,” the state-run Korean Central News Agency said, in a speech in which Kim attacked “irresponsible, rude and incompetent leading officials.” “Please, comrade vice premier, resign by yourself when you can do it on your own before it is too late,” Kim reportedly said. “He is ineligible for an important duty. Put simply, it was
‘TERRORIST ATTACK’: The convoy of Brigadier General Hamdi Shukri resulted in the ‘martyrdom of five of our armed forces,’ the Presidential Leadership Council said A blast targeting the convoy of a Saudi Arabian-backed armed group killed five in Yemen’s southern city of Aden and injured the commander of the government-allied unit, officials said on Wednesday. “The treacherous terrorist attack targeting the convoy of Brigadier General Hamdi Shukri, commander of the Second Giants Brigade, resulted in the martyrdom of five of our armed forces heroes and the injury of three others,” Yemen’s Saudi Arabia-backed Presidential Leadership Council said in a statement published by Yemeni news agency Saba. A security source told reporters that a car bomb on the side of the road in the Ja’awla area in
The Chinese Embassy in Manila yesterday said it has filed a diplomatic protest against a Philippine Coast Guard spokesman over a social media post that included cartoonish images of Chinese President Xi Jinping (習近平). Philippine Coast Guard spokesman Jay Tarriela and an embassy official had been trading barbs since last week over issues concerning the disputed South China Sea. The crucial waterway, which Beijing claims historic rights to despite an international ruling that its assertion has no legal basis, has been the site of repeated clashes between Chinese and Philippine vessels. Tarriela’s Facebook post on Wednesday included a photo of him giving a
RSS