Leader Of Three Worldwide Cyberattacks Sentenced To 8 Years For Computer Intrusion

https://www.justice.gov/usao-edny/pr/leader-three-worldwide-cyberattacks-sentenced-8-years-computer-intrusion-and-access

Department of Justice
U.S. Attorney’s Office
Eastern District of New York

FOR IMMEDIATE RELEASE
Friday, February 10, 2017

Leader Of Three Worldwide Cyberattacks Sentenced To 8 Years For Computer Intrusion And Access Device Fraud Conspiracies

Defendant Was the Principal Organizer of Cybercrimes That Netted More Than $55 Million in Proceeds for the Members of a Cybercrime Organization

Earlier today, at the federal courthouse in Brooklyn, New York, Ercan Findikoglu, a Turkish citizen also known by the online nicknames “Segate,” “Predator,” and “Oreon,” was sentenced to eight years for his leadership role in organizing and carrying out three cyberattacks on the global financial system between 2011 and 2013 that caused more than $55 million in losses. Findikoglu pleaded guilty on March 1, 2016, to computer intrusion conspiracy, access device fraud conspiracy, and effecting transactions with unauthorized access devices. In addition, as part of the sentence, the Court ordered Findikoglu to pay $55,080,226.14 in restitution. Today’s proceeding was held before United States District Judge Kiyo A. Matsumoto.
(snip)

According to public court filings, Findikoglu and his co-conspirators used sophisticated intrusion techniques to hack into the systems of credit and debit card processing companies, manipulated network administrator privileges at the victim card processing companies, manipulated account balances of prepaid debit cards to eliminate withdrawal limits on those cards, and stole the personal identification numbers (PINs) associated with the compromised debit cards. Findikoglu and his co-conspirators then disseminated the stolen card numbers and PINs worldwide to trusted associates who encoded magnetic stripe cards with the compromised debit card data. The associates then distributed these cards to teams of cashing crews, who used the cards to make fraudulent ATM withdrawals on a massive scale across the globe. As a result of the effective elimination of withdrawal limits, these cyber-attacks were known as “unlimited operations.”

Findikoglu organized and carried out three such unlimited operations. In the first operation on February 27 and 28, 2011, Findikoglu’s cashing crews withdrew approximately $10 million through approximately 15,000 fraudulent ATM withdrawals in 18 countries. In a second operation on December 21 and 22, 2012, Findikoglu’s cashing crews withdrew approximately $5 million through approximately 5,000 fraudulent ATM withdrawals in 20 countries. During this second operation, in New York alone, cashers conducted more than 700 fraudulent ATM withdrawals, totaling nearly $400,000 in losses, at more than 140 different ATM locations over the course of just two and a half hours. In a third operation on February 19 and 20, 2013, Findikoglu’s cashing crews withdrew approximately $40 million through approximately 36,000 fraudulent ATM withdrawals in 24 countries. During this third operation, in New York alone, cashers conducted nearly 3,000 fraudulent ATM withdrawals, totaling approximately $2.4 million in losses, over the course of approximately 10 hours.
(snip)