RBS World Pay hackers arrested. Will extradite?
The St. Petersburg FSB conducted an operation to arrest the hacker Viktor Pleschuk, who is considered the organizer of one of the most daring hacker hacks in the history of the banking business.
In 2008, they and associates hacked the RBS World Pay payment system (the processing unit of Royal Bank of Scotland), stole data on debit cards of bank customers, and got access to personal customer data and banking systems, including ATM processing and payroll cards . Somehow, they were able to even carry out reverse engineering of PIN codes, reports Wired.
On November 8, 2008, almost simultaneously with 44 cloned payroll cards, about $ 9.5 million were withdrawn. During 12 hours about 2100 ATMs were involved in 280 cities, including Atlanta, Chicago, New York, Montreal, Moscow and Hong Kong. Hundreds of ordinary cashiers (drops) took part in the cashing operation.
Such a large amount of damage is due to the fact that the hackers managed to preliminarily raise the withdrawal limits for each card to $ 500,000 through an ATM processing system, so that the “drops” took all the cash from the ATMs that was there.
')
As the investigation showed, the operation was coordinated by four people: Victor Pleschuk (28 years old, St. Petersburg), Sergey Tsurikov (25 years old, Tallinn), Oleg Kovelin (28 years old, Chisinau) and another yet unidentified participant. It was Pleschuk who found a way to reverse engineer encrypted PIN codes.
The organizers of the campaign had the opportunity to observe in real time through the ATM monitoring system the process of withdrawing funds and track how much money was withdrawn on each card. At the end of the operation, they tried to erase the traces of their presence from the RBS system.
Interestingly, according to Russian law, Viktor faces no more than five years in prison for hacking activity. And Russia has no agreement on the extradition of criminals from the United States. In such cases, American intelligence services or wait for years until the hacker goes on vacation abroad (for example, this is how Ukrainian hacker Maxim [Maksik] Yastremsky was arrested in Turkey in July 2007), or trying to negotiate with the Russian authorities.
According to experts, the FSB and the FBI demonstrated an unsurpassed level of cooperation in the Pleschuk case disclosure operation, but the Russian authorities are unlikely to meet on extradition. According to the FBI agent Hilbert, who is quoted by Wired, it is not the first time with the help of Western intelligence services that such operations are carried out in Russia and Ukraine, but these countries never extradite hackers, but give them minimal terms and soon release them, sometimes early. Especially if the hacker has sufficient financial reserves to protect their interests.
By the way, the Estonian authorities arrested Sergei Tsurikov and have already promised to extradite him to the United States.
In 2008, they and associates hacked the RBS World Pay payment system (the processing unit of Royal Bank of Scotland), stole data on debit cards of bank customers, and got access to personal customer data and banking systems, including ATM processing and payroll cards . Somehow, they were able to even carry out reverse engineering of PIN codes, reports Wired.
On November 8, 2008, almost simultaneously with 44 cloned payroll cards, about $ 9.5 million were withdrawn. During 12 hours about 2100 ATMs were involved in 280 cities, including Atlanta, Chicago, New York, Montreal, Moscow and Hong Kong. Hundreds of ordinary cashiers (drops) took part in the cashing operation.
Such a large amount of damage is due to the fact that the hackers managed to preliminarily raise the withdrawal limits for each card to $ 500,000 through an ATM processing system, so that the “drops” took all the cash from the ATMs that was there.
')
As the investigation showed, the operation was coordinated by four people: Victor Pleschuk (28 years old, St. Petersburg), Sergey Tsurikov (25 years old, Tallinn), Oleg Kovelin (28 years old, Chisinau) and another yet unidentified participant. It was Pleschuk who found a way to reverse engineer encrypted PIN codes.
The organizers of the campaign had the opportunity to observe in real time through the ATM monitoring system the process of withdrawing funds and track how much money was withdrawn on each card. At the end of the operation, they tried to erase the traces of their presence from the RBS system.
Interestingly, according to Russian law, Viktor faces no more than five years in prison for hacking activity. And Russia has no agreement on the extradition of criminals from the United States. In such cases, American intelligence services or wait for years until the hacker goes on vacation abroad (for example, this is how Ukrainian hacker Maxim [Maksik] Yastremsky was arrested in Turkey in July 2007), or trying to negotiate with the Russian authorities.
According to experts, the FSB and the FBI demonstrated an unsurpassed level of cooperation in the Pleschuk case disclosure operation, but the Russian authorities are unlikely to meet on extradition. According to the FBI agent Hilbert, who is quoted by Wired, it is not the first time with the help of Western intelligence services that such operations are carried out in Russia and Ukraine, but these countries never extradite hackers, but give them minimal terms and soon release them, sometimes early. Especially if the hacker has sufficient financial reserves to protect their interests.
By the way, the Estonian authorities arrested Sergei Tsurikov and have already promised to extradite him to the United States.
Source: https://habr.com/ru/post/88628/
All Articles