US investigators may be gaining ground in the fight against international cyber crime. Recent extradition of an alleged hacker from Estonia is latest victory in prosecuting such cases.
The cyber attack on the Atlanta-based subsidiary of the Royal Bank of Scotland (RBS) began Nov. 4, 2008, even as Americans went to polls to elect a new president. While Mr. Obama's supporters were savoring political victory, Sergei Tsurikov and alleged members of his hacker gang in Eastern Europe were nearing their own celebration: Having cracked the encryption protecting prepaid payroll cards of the bank's WorldPay, the cyber criminals were allegedly orchestrating a lightning-strike theft.
After providing 44 fake payroll debit cards and stolen PIN numbers to a platoon of "cashers," Mr. Tsurikov and his partners watched on computer screens as the cashers withdrew $9.4 million from 2,100 ATMs in at least 280 cities around the world – all in less than four days, according to a federal indictment.
Until recently, cyber thieves behind sophisticated thefts like the one at RBS had little to fear. Often operating from distant nations and across jurisdictional boundaries, law enforcement authorities in the US and elsewhere found it difficult to catch the suspects, much less get them to court.
Now come small yet substantial signs that the good guys may be gaining a bit of ground in the cyber fight. The Federal Bureau of Investigation (FBI), US Secret Service, and others cheered last week as Tsurikov was extradited from Estonia to Atlanta, where he now sits in a federal cell awaiting trial. On Friday he pleaded "not guilty" to federal charges concerning his alleged role in the RBS WorldPay cyber heist.
Page 1 of 5