August 30, 2010
-
U.S. Crackdown On Cybercriminals, Pt.2
Failed attempts to erase any sign of their presence.RBS WorldPay is the payment-processing company of the Royal Bank of Scotland (RBS). The company manages a variety of electronic payment processing services, including debit card transactions, electronic benefits transfer payments (EBT), prepaid cards, credit card and ATM-processing services. The debit and credit card breach began when hackers infiltrated the company's computer system and accessed the credit card numbers as well as debit card account information and their Personal Identification Numbers (PIN). Horohorin and his buddies not only profited from the sale of the stolen cards, but also gained when they used the stolen cards themselves to draw in the more than $9.5 million.
The latest indictment handed down in Atlanta released the names of nine suspects that were allegedly involved in the debit and credit card compromise. In terms of the whole picture, Horohorin's role was minor in comparison to the other named thieves. RBS WorldPay discovered the attack which involved reverse engineering and PINs attached to payroll debit cards in November 2008. According to the indictment, the hackers had accessed the data of over 100 payroll cards. The hackers were then able to hack into the company's database to increase the amount of funds and boost the daily withdrawal limit to as high as $500,000. After the thieves accessed all the debit and credit card data, they then raised the withdrawal limits and then programmed 44 cards with the stolen account details. The thieves then hit over 2,000 ATMs and stole over $9.5 million within 12 hours.
After the hackers had completed the heist, they withdrew from the RBS WorldPay system and attempted to erase any sign of their presence. The alleged mastermind of the heist, Viktor Pleshchuk was arrested in Russia earlier this year. Eight others have also been arrested and awaiting trial. All of the defendants involved in the debit and credit card compromise have been charged with access device fraud. Horohorin faces up to a $500,000 fine and 12 years in prison for several charges including identity theft. The newest indictment handed down in Atlanta will add to that.