Alleged Mastermind Of Global Cybercrime Campaigns Extradited To The United States To Face Charges
Cybercrime Organization Stole $55 Million From Worldwide Financial System In Three Cyberattacks Committed From 2011 To 2013
Earlier today, an indictment was unsealed in Brooklyn federal court charging Ercan Findikoglu, a Turkish citizen also known as “Segate,” with organizing three worldwide cyberattacks that inflicted $55 million in losses on the global financial system in a matter of hours.1 The defendant’s organization used sophisticated intrusion techniques to hack into the systems of global financial institutions, steal prepaid debit card data, and eliminate withdrawal limits. The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The charges announced today follow charges previously brought against other members of the organization, including members of a New York City cell charged in May 2013 in connection with their roles in two of the attacks. The defendant is scheduled to be arraigned at 11 a.m. today before United States Magistrate Judge Lois Bloom at the U.S. Courthouse, 225 Cadman Plaza East, Brooklyn, New York.
The charges were announced by Kelly T. Currie, Acting United States Attorney for the Eastern District of New York, and Robert J. Sica, Special Agent in Charge, United States Secret Service, New York Field Office.
“Cybercriminals, and especially hackers as this defendant is alleged to be, wreak havoc and steal millions of dollars by breaching our information systems and networks with clicks and keystrokes from the perceived anonymity of their computers at locations all over the globe. However, in doing so they leave traces in digital space that allow law enforcement to identify, apprehend, and ultimately hold them accountable for their crimes,” stated Acting United States Attorney Currie. Mr. Currie praised the extraordinary efforts of the Secret Service in investigating these complex network intrusions and thanked the authorities in Germany for their assistance in effecting the defendant’s extradition.
“For the past twenty years, Special Agents assigned to the Secret Service New York Electronic Crimes Task Force have worked closely with our law enforcement partners, the business community, and our partners in academia to pursue cybercriminals who have taken aim at our homeland’s financial infrastructure. Today, we recognize our international law enforcement partners who were instrumental in the extradition of Ercan Findikoglu,” said Secret Service Special Agent in Charge Sica. “The significance of this case cannot be understated as Findikoglu is the alleged mastermind behind the global ATM cashout operations which plagued the financial services sector from 2010 until his capture in late 2013. The Secret Service and its international partners remain committed to solving complex financial crimes as well as tracking down and bringing to justice significant cybercriminals who pose a threat to payment systems worldwide.”
As detailed in the indictment and other court filings, Findikoglu gained unauthorized access to, or “hacked,” the computer networks of at least three payment processors for various types of credit and debit card transactions (the “Victim Processors”). He then targeted Visa and MasterCard prepaid debit cards serviced by the Victim Processors, breached the security protocols that enforce withdrawal limits on those cards, and then dramatically increased the account balances on those cards to allow withdrawals far in excess of the legitimate card balances.
Findikoglu allegedly managed a trusted group of co-conspirators who disseminated the stolen debit card information to leaders of “cashing crews” around the world; they, in turn, used the stolen information to conduct tens of thousands of fraudulent ATM withdrawals. During these operations, Findikoglu allegedly maintained access to the computer networks of the Victim Processors in order to monitor the withdrawals. These coordinated, calculated cyberattacks are known in the cyber-underworld as “Unlimited Operations” because the manipulation of withdrawal limits enables the withdrawal of literally unlimited amounts of cash until the operation is shut down.
In one operation on February 27 and 28, 2011, cashing crews withdrew approximately $10 million through approximately 15,000 fraudulent ATM withdrawals in at least 18 countries. In a second operation on December 22, 2012, cashing crews withdrew approximately $5 million through more than 4,500 ATM in approximately 20 countries. In a third operation on February 19 and 20, 2013, cashing cells in 24 countries executed approximately 36,000 transactions and withdrew approximately $40 million from ATMs. During this third operation, in New York City alone, cashing crews withdrew approximately $2.4 million in nearly 3,000 ATM withdrawals over the course of less than 11 hours.
Once the funds were extracted, Findikoglu and high-ranking members of the conspiracy allegedly received the proceeds from other co-conspirators in various forms, including by wire transfer, electronic currency, and the personal delivery of United States and foreign currency. On one occasion, members of a New York City cashing crew transported approximately $100,000 to co-conspirators in Romania. Findikoglu directed a co-conspirator to destroy evidence of their criminal activities after learning that a member of a New York cashing crew had been arrested.
On December 18, 2013, Findikoglu was arrested in Frankfurt, Germany, and yesterday was extradited to the United States.
The government’s case is being handled by the Office’s National Security & Cybercrime Section. Assistant United States Attorneys Hilary Jager, Douglas M. Pravda, Richard M. Tucker, and Saritha Komatireddy are in charge of the prosecution. Assistant United States Attorney Brian Morris of the Office’s Civil Division is responsible for the forfeiture of assets. Additional assistance was provided by Marcus Busch and Cristina M. Posa of the Justice Department’s Office of International Affairs.
E.D.N.Y. Docket No. 13-CR-440 (KAM)
1. The charges in the indictment are merely allegations, and the defendant is presumed innocent unless and until proven guilty.