Indictment for cloned debit card fraud

The US Attorneys Office has indicted a group of East Europeans who used cloned debit cards to withdraw $9 million from bank accounts around the world within just a few hours in November of 2008. The data required to create the cards was obtained from an earlier attack on financial services provider RBS WorldPay, which provides payroll services. The men indicted are also accused of having a role in the card data theft.

Four of the alleged perpetrators are reported to have hacked into RBS and used reverse engineering to obtain plain text versions of encrypted pins for 44 payroll debit cards and to have raised the cards' credit limits. Payroll debit cards allow employees of companies using RBS' services to withdraw their salaries from ATMs worldwide. 42 of the cards were subsequently used by a team of 'cashers' to withdraw a total of more than $9 million from 2,100 ATMs in 280 cities in countries including the USA, the Ukraine, Italy and Hong Kong. The withdrawals took place within a 12 hour period. According to the Attorneys Office, the cashers retained between 30 and 50 per cent of the cash and passed the rest on the four hackers behind the enterprise.

Four of the cashers, all from Estonia, have also been indicted alongside the four main suspects, who are from Estonia, Russia and Moldova. The Attorneys Office claims to have "broken the back of one of the most sophisticated computer hacking rings in the world," and stresses the close cooperation between agencies in the US and Estonia.

One of the accused was previously in court in September for the theft of card details for around 100,000 credit cards. The perpetrators now face anywhere between 2 and 20 years in jail for various offences committed in the course of the fraud.

See also:

• $9 Million stolen in ATM Scam, a report from The H.

(crve)