Ukrainian man jailed for stealing $15 million from Russian banks

Bank funds were stolen by hackers as part of a wider cybercriminal ring.
Written by Charlie Osborne, Contributing Writer

A Ukrainian national has been sentenced to 13 years behind bars for his part in stealing over $15 million from Russian banks.

Law enforcement says that the individual was the organizer of a criminal group dedicated to financial theft made possible through cybercrime, according to the Russian Legal Information Agency (RAPSI).

The news agency reported on Wednesday that the Ukrainian man has been found guilty of operating schemes leading to the theft of one billion rubles from commercial banks.

See also: Pro-Tibet groups targeted with ExileRAT in spy campaign

Prosecutors say that 39.5 million rubles from Promsvyazbank, 45 million rubles from Bank Uralsib, 106 million rubles from Trust Bank, and 883.5 million rubles from Bank Zenit was allegedly stolen in a six-month period during 2014.

Reports suggest that the theft was made possible through the use of "special software" which permitted illegal withdrawals from accounts belonging to customers before "restoring the balance at the expense of the banks themselves."

CNET: Lawmakers have questions for Apple about FaceTime eavesdropping bug

Transactions would be made through bank cards and then malware would be used to cancel the command mid-transaction. As the transfer failed, the bank would return the money to the sender's account, but this would, in some form, be covered by the victim bank. This technique allegedly allowed the criminals to double their money with each trade.

Law enforcement also believes that some of the alleged criminals made use of devices which tampered with ATMs.

The Ukrainian citizen will serve out his sentence in a high-security prison, but he is not the only member of the cybercriminal ring to be tracked down and prosecuted. In total, 14 members of the alleged scheme have been charged with operating a criminal group, theft, and fraud.

TechRepublic: Attention developers: Google wants to pay you $15,000 to improve cloud security

In January, US authorities charged a 26-year-old Ukrainian national, resident in Kiev, with stealing corporate data from the US Securities and Exchange Commission (SEC)'s EDGAR system and passing it to third-parties for the purposes of insider trading. 

The same individual was found guilty of compromising three separate newswire services in order to access non-public information which could also be used for the same ends.

These are the worst hacks, cyberattacks, and data breaches of 2018

Previous and related coverage

Editorial standards