RBS Hacking Suspects Indicted

The Federal Bureau of Investigation called a computer crime ring’s hack into the payroll debit systems of the Royal Bank of Scotland Group PLC “perhaps the most sophisticated and organized computer fraud attack ever conducted”.

Now, thanks to the collaborative efforts of several international law enforcement agencies, several key suspects have been charged with access fraud by a federal grand jury in Atlanta. They are: Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33.

The 16-count indictment was returned in Atlanta because that’s where RBS Worldpay’s payment processing system is headquartered, The Atlanta Journal Constitution explains. As the Acting United States Attorney Sally Quillian Yates suggest in the FBI’s statement on the case, this was no run-of-the-mill computer intrusion. Rather, the alleged perpetrators used “sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards”—that is, cards, used by employees to withdraw regular salaries from an ATM.

Once the suspects had this payroll debit card information, it is alleged, they raised the account limits and deployed “cashers” to make withdrawals with counterfeit cards they furnished. Let’s paint that picture by numbers:

# of counterfeit payroll debit cards used: 44
# of ATMs visited: 2,100
# of cities involved: 280
Total dollar loss: $9.4 million

And this fraud bender allegedly went down in less than 12 hours. The Journal-Constitution reports that federal authorities believe the cashers kept 30 to 50 percent of what they withdrew and sent the rest back to Eastern Europe using WebMoney accounts and Western Union. If convicted in the United States, some of the suspects could be sentenced to as much as 20 years in prison, according to the newspaper.