Eight Charged in US for $45 Million Bank and ATM Cybercrime Campaign

A four-count federal indictment was unsealed in Brooklyn, USA charging eight defendants with participating in two worldwide cyberattacks that inflicted $45 million in losses on the global financial system in a matter of hours. The defendants allegedly formed the New York-based cell of an international cybercrime organization that used sophisticated intrusion techniques to hack into the systems of global financial institutions, steal prepaid debit card data, and eliminate withdrawal limits. The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The eight indicted defendants and their co-conspirators targeted New York City and withdrew approximately $2.8 million in a matter of hours. The defendants are charged variously with conspiracy to commit access device fraud, money laundering conspiracy, and money laundering.

“As charged in the indictment, the defendants and their co-conspirators participated in a massive 21st century bank heist that reached across the Internet and stretched around the globe. In the place of guns and masks, this cybercrime organization used laptops and the Internet. Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours,” stated United States Attorney Lynch. “Law enforcement is committed to moving just as swiftly to solve these cybercrimes and bring their perpetrators to justice.”

“New technologies and the rapid growth of the Internet have eliminated the traditional borders of financial crimes and provided new opportunities for the criminal element to threaten the world’s financial systems. However, as demonstrated by the charges and arrests announced today, the Secret Service and its law enforcement partners have adapted to these technological advancements and utilized cutting edge investigative techniques to thwart this cybercriminal activity,” said Secret Service Special Agent in Charge Hughes. “I want to take this opportunity to commend the dedicated men and women of the Secret Service and HSI for their extraordinary efforts in this investigation. This case is an excellent example of the impact that can be made when the law enforcement community works together.”

“The arrests today reflect the government’s joint efforts to bring a global cybercrime enterprise to justice,” said HSI (Homeland Security Investigations) Special Agent in Charge Hayes. “HSI is proud to be part of a proactive federal law enforcement initiative that uses its collective resources to pull the plug on those who attempt to use the Internet to commit bank robbery.”

According to the government’s filings, between approximately October 2012 and April 2013, the defendants and their co-conspirators conducted two cyberattacks. The first operation, on December 22, 2012, targeted a credit card processor that processed transactions for prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah PSC, also known as RAKBANK, in the United Arab Emirates. After the hackers penetrated the credit card processor’s computer network, compromised the RAKBANK prepaid card accounts, and manipulated the balances and withdrawal limits, casher cells across the globe operated a coordinated ATM withdrawal campaign. In total, more than 4,500 ATM transactions were conducted in approximately 20 countries around the world using the compromised RAKBANK account data, resulting in approximately $5 million in losses to the credit card processor and RAKBANK. In the New York City area alone, over the course of just two hours and 25 minutes, the defendants and their co-conspirators conducted approximately 750 fraudulent transactions, totaling nearly $400,000, at over 140 different ATM locations in New York City.

As alleged in the indictment and other court filings, the second of the cyberattacks occurred on the afternoon of February 19 and lasted into the early morning of February 20, 2013. This operation again breached the network of a credit card processor that serviced MasterCard prepaid debit cards, this time issued by the Bank of Muscat, located in Oman. Again, after the cybercrime organization’s hackers compromised Bank of Muscat prepaid debit card accounts and distributed the data, the organization’s casher cells engaged in a worldwide ATM withdrawal campaign. This attack was particularly devastating: Over the course of approximately 10 hours, casher cells in 24 countries executed approximately 36,000 transactions worldwide and withdrew about $40 million from ATMs. From 3 p.m. on February 19 through 1:26 a.m. on February 20, the defendants and their co-conspirators withdrew approximately $2.4 million in nearly 3,000 ATM withdrawals in the New York City area.

As charged in the indictment and other filings, defendant Alberto Yusi Lajud-Peña was the leader of the New York cell of this organization, and in the wake of the charged Unlimited Operations, he and defendants Elvis Rafael Rodriguez and Emir Yasser Yeje laundered hundreds of thousands of dollars in illicit cash proceeds. In one transaction alone, nearly $150,000 in the form of 7,491 $20 bills, was deposited at a bank branch in Miami, Florida, into an account controlled by defendant Alberto Yusi Lajud-Peña. Cell members also invested the criminal proceeds in portable luxury goods, such as expensive watches and cars. To date, the United States has seized hundreds of thousands of dollars in cash and bank accounts, two Rolex watches and a Mercedes SUV, and is in the process of forfeiting a Porsche Panamera. The Mercedes and Porsche were purchased with $250,000 in proceeds of this scheme.