Russia drops net on RBS WorldPay fraudsters
Russian authorities have arrested a group of men believed to have orchestrated the high-profile 2008 scam that saw millions stolen from RBS cash machines around the world in just 12 hours.
Three men have been arrested in Russia in connection with a $9 million raid on Royal Bank of Scotland cash machines in 2008.
According to the Financial Times, the Russian Security Service (FSB) detained the suspected mastermind of the attack Viktor Pleshchuk along with two accomplices, Sergei Tsurikov and Oleg Covelin, and an unnamed hacker, after being tipped off by the FBI. Exact details about when and where the arrests were made have yet to emerge.
The men are accused of being involved in a high-profile scam in November 2008 that the US government has since described as "perhaps the most sophisticated and organised computer fraud attack ever conducted".
The attackers managed to crack the database encryption on the payroll card system used by RBS WorldPay employees, and using cloned cards then proceeded to draw $9 million from a total of 2,100 RBS cash machines around the world in a 12-hour period.
However, the work to set up the heist took far longer. Having gained access to the RBS WorldPay database, the attackers focused on the account details for 100 specific payroll cards which are used by some employers as a pre-paid method of paying monthly salaries. Once the accounts were accessed, the amount of funds available was raised and the daily withdrawal limits boosted.
Cloned payroll cards were then distributed complete with reverse-engineered PINs to operators around the world, who emptied the accounts in a single 12-hour sweep.
The arrests are being hailed as a notable victory for the country's new harder line on cyber crime. As of 1 April, anyone registering a .ru domain name will need to provide a copy of their passport, will all businesses will be required to provide legal registration papers.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
According to Symantec analyst Candid Wueest, Russia is clearly hoping for the sort of success China has experienced, having introduced similar measures at the start of the year. "In January we saw 15 to 20 per cent of all URLs in spam messages were .cn and only approximately one or two per cent were Russian. Recently we've seen as many as 30 to 40 per cent of URLs are Russian and only one per cent are .cn," he told IT PRO's sister title PC Pro.
The men are expected to be tried in Russia due to the lack of an extradition treaty between Russia and the US. Pleshchuk himself is Russian, while Tsurikov is Estonian and Covelin is from Moldova.
Read on for more on the biggest hacks of all time - and the jail terms they resulted in.