Hacker gets prison for cyberattack stealing $9.4M


ATLANTA (AP) — An Estonian national who pleaded guilty to orchestrating a 2008 cyberattack on a credit card processing company that enabled hackers to steal $9.4 million from ATMs around the world was sentenced to 11 years in prison and ordered to repay most of the money, prosecutors said Friday.

Sergei Nicolaevich Tsurikov, 30, was sentenced earlier in the week in an Atlanta federal court.

“A leader of one of the most sophisticated cybercrime rings in the world has been brought to justice and sentenced,” U.S. Attorney Sally Quillian Yates of the Northern District of Georgia said in a statement Friday.

Prosecutors said Tsurikov, of Tallinn, Estonia, and others hacked the Royal Bank of Scotland Group in Atlanta in November 2008. They said the group accessed prepaid payroll card numbers, cracked their encrypted PIN codes, raised the balances on the cards and distributed dozens of them to a team of people around the world.

The counterfeit payroll debit cards were used to withdraw money from more than 2,100 ATM terminals in at least 280 cities from the U.S. to Russia, to Italy and Japan. Authorities said in a single day the group stole $9.4 million — about 1,000 times the cash stolen in a typical U.S. bank robbery.

In August 2010, authorities brought Tsurikov from Estonia to Atlanta to face arraignment on fraud charges. Two years later, in September 2012, he pleaded guilty to counts of conspiracy to commit wire fraud and computer intrusion. As part of his sentence, Tsurikov was ordered to pay $8.4 million in restitution.

The FBI got onto the hackers’ trail after RBS noticed their intrusion and alerted authorities. Investigators said they managed to trace the culprits using on cyber forensics, international banks and foreign authorities.

Hi Tech Crime Solutions