Members of a group that conspired to use stolen banking information to run money laundering and identity theft schemes have been charged by a U.S. federal agency.
New Jersey U.S. Attorney Paul J. Fishman announced that eight alleged members of an international cybercrime ring are being charged after conspiring to "use information hacked from customer accounts held at more than a dozen banks, brokerage firms, payroll processing companies and government agencies" in order to steal at least $15 million from U.S. customers.
The eight defendants are being charged together in a criminal complaint with conspiracy to commit wire fraud, conspiracy to commit money laundering and conspiracy to commit identity theft.
The alleged controller of the cybercrime ring was Oleksiy Sharapka, 33, of Kiev, Ukraine. With the help of Leonid Yanovitsky, 38, also of Kiev, and Oleg Pidtergerya, 49, of Brooklyn, N.Y., Robert Dubuc, 40, of Malden, Mass., and Andrey Yarmolitskiy, 41, of Atlanta, the defendants allegedly managed cybercriminals in their respective cities to pull off fraudulent activities.
In addition, Brooklyn-based Ilya Ostapyuk, 31, is being charged with allegedly facilitating the transfer of money gained by criminal acts.
Pidtergerya, Ostapyuk and Dubuc were arrested at their homes by federal agents, and Yarmolitskiy was later apprehended at John F. Kennedy International Airport. Taylor and Gundersen are being pursued, while Sharapka and Yanovitsky are still at large.
The conspiring hackers allegedly gained access to over a dozen financial institution computer systems, including Citibank, JP Morgan Chase Bank, PayPal, the U.S. Department of Defense, Defense Finance and Accounting Service, Veracity Payment Solutions and Aon Hewitt.
Once inside the networks, federal agents say that the defendants and conspirators diverted money from accounts of the companies’ customers to bank accounts and pre-paid debit cards controlled by the cybercrime ring. Individuals were then employed to withdraw the funds through ATMs and purchases across the United States.
In addition, the defendants allegedly stole U.S. identities to facilitate the scheme, as well as try to claim refunds through fraudulent tax return submissions to the IRS.
Federal prosecutors claim that attempts were made to defraud both businesses and individuals of over $15 million.
"According to the complaint unsealed today, cybercriminals penetrated some of our most trusted financial institutions as part of a global scheme that stole money and identities from people in the United States,” said U.S. Attorney Fishman. "Today’s charges and arrests take out key members of the organization, including leaders of crews in three states that used those stolen identities to "cash out" hacked accounts in a series of internationally coordinated modern-day bank robberies. We will continue to pursue our investigation into this scheme and our fight against the rising threat of criminals for whom computers are the weapon of choice."
If convicted, each defendant faces a maximum of 20 years behind bars on the conspiracy to commit wire fraud count, 20 years in prison on the conspiracy to commit money laundering count and 15 years in prison on the conspiracy to commit identity theft count. In addition, a maximum penalty of $250,000 can be set resulting from corporate losses, and a $500,000 fine based on the money laundering conspiracy count.
Over the past three fiscal years, the Justice Department has filed nearly 10,000 financial fraud cases against nearly 15,000 defendants.