RALEIGH, N.C. – In November 2008, with the nation transfixed by a presidential election and a collapsing economy, a group of international hackers infiltrated the computer network of a major financial services company in what authorities describe as one of the most sophisticated attacks ever concocted.
Their work was both furtive and impressive: Around the time Barack Obama was securing his White House win, the hackers entered RBS WorldPay servers, accessed prepaid payroll card numbers, cracked their encrypted PIN codes, raised the balances on the cards and distributed dozens of them to a team of people around the world.
Then, in the span of 12 hours around Nov. 8 of that year, the group hit 2,100 ATM terminals in 280 cities spanning the world, from the United States to Russia to Italy to Japan. Prosecutors say they withdrew $9 million — a haul that rivals 1,000 typical bank robberies in the United States.
Despite the technical and international challenges of the case, U.S. investigators believe they were able to trace the scheme back to its origin. On Friday they brought one of the accused ringleaders from Estonia to Atlanta to face arraignment on several fraud charges — a rare appearance in U.S. courts for an accused international hacker.
Sergei Tsurikov, 26, of Tallinn, Estonia, pleaded not guilty at his arraignment to conspiracy to commit computer fraud, computer fraud, conspiracy to commit wire fraud, wire fraud and aggravated identity theft.
FBI officials said in interviews with The Associated Press that they weren't so much drawn to the case by the dollar ammount of the RBS heist but by the coordination. It exemplified the international scope and increasing acumen of cyber attacks.
"As people become more techically proficient and get access to the Internet, we see this crime showing up in more and more places," said Pat Carney, who supervised the RBS case at the FBI's headquarters.
With such an increasing need for cyber defenses, the FBI has ramped up its focus, training some 900 agents in how to handle such crimes. In the RBS case, they quickly mobilized a group of FBI experts on the topic to descend on Atlanta, where RBS is based, and track down the culprits.
While U.S. authorities have been able to crack down on cyber crimes originating in the United states, the FBI has had to increasingly rely on foreign partners to restrict attacks coming from overseas, in places like Egypt, Turkey and Hong Kong. Federal officials praised authorities in Estonia for assisting in both the investigation and extradition in the hacker case.
The increasing scope of foreign attacks comes as college students around the world are focusing heavily on technology degrees only to emerge into a difficult job market with low pay, officials said.
"When you can't find a legitimate job making big money, you find some way to make money," said Colleen Moss, the head of the FBI's Cyber Crime Squad in North Carolina. "There's a lot of high-tech trained folks out there who either don't have a job or aren't making what they'd like to."
The RBS case began when a 29-year-old Moldovan man, Oleg Covelin, found a vulnerability in the computer network run by RBS, the FBI said. He passed the details along to Tsurikov in Estonia, according to FBI officials, and he conducted "reconnaissance" to assess the vulnerability before sharing his findings with a colleague in Russia.
After breaking into the system, the team distributed 44 counterfeit cards to a network of "cashers" around the world.
Though the hackers attempted to cover their tracks, RBS noticed the activity and reported it to the FBI. They managed to trace the culprits, relying on cyber forensics, international banks and foreign authorities.
"What made this case different was the scope, the timing and the coordination," said Doris Gardner, an FBI special agent who worked on the case. "It was very sophisticated."
Tsurikov was indicted last year in the case along with Viktor Pleshchuk of St. Petersburg, Russia, Covelin of Chisinau, Moldova, and three others from Estonia. The three leading suspects have been convicted in Estonia. In the United States they face up to 20 years in prison for wire fraud charges and between 5 and 10 years for computer fraud charges.
Tsurikov is the first to face his U.S. charges. Officials said extradition of the others is in progress. Tsurikov's lawyer didn't immediately return a call Friday seeking comment.