Royal Bank of Scotland raiders' huge £6m haul in just 12 hours
Mar 14 2010 Exclusive by Russell Findlay, Sunday Mail
COMPUTER hackers linked to the Russian mafia robbed Royal Bank of Scotland customers of £6million in 12 hours.
The crooks pulled off the massive sting by dispatching an army of thieves using cloned debit cards to blitz more than 2000 cash machines in 280 cities worldwide.
Stunned bosses at the Edinburgh bank were helpless to stop £6million of cash being plundered from the ATMs in Scotland's biggest bank heist.
But, we can reveal gang leader Viktor Pleshchuk, 28, has been snared in the Russian city of St Petersburg following a massive FBI investigation.
Acting US Attorney Sally Quillian Yates described the heist as "perhaps the most sophisticated and organised computer fraud attack ever conducted".
The plot was hatched by Oleg Covelin, 28, in Moldova, who discovered a flaw in the bank's computer system.
He contacted Sergei Tsurikov, 25, in Tallin, Estonia, who joined forces with Pleshchuk to orchestrate the electronic heist.
The gang hacked into the bank's system to clone 44 debit cards and discover their PIN numbers.
They electronically hiked the available balances and deleted withdrawal limits on each card before distributing them to a network of foot soldiers, known as "cashers".
At the stroke of midnight US time, the cashers drained ATMs using the cloned cards.
They struck at machines in Britain, the US, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.
During the 12-hour robbery, Pleshchuk and Tsurikov hacked back into the bank's system to see the transactions taking place on their computer screens.
They obtained just under $9.5million - around £6.3million - between midnight and noon.
FBI Agent Ross Rice said: "We've seen similar attempts to defraud a bank through ATM machines but not anywhere near the scale we have here."
The hackers then deactivated the cards and attempted to destroy electronic records of their crime within the bank's system.
The cashers were allowed to keep 30 to 50 per cent of the cash with the rest being sent electronically back to the hackers.
The three suspects have all been extradited to the US where they are to stand trial accused of the attack on the RBS WorldPay division in Atlanta.
Former hacker Kevin Mitnick, who now works as a computer security consultant, said: "It was so well co-ordinated. These guys hacked into RBS WorldPay, they took control of their servers and reverse engineered the encryption so they could get the debit card PINs.
"They then distributed the account numbers and PINs to a network of cashers - criminals who will withdraw funds from ATMs.
"They co-ordinated this attack so the cashers would cash out in a 12-hour period and stole $9.5million. That's an incredibly sophisticated attack."
The gang targeted the bank at the height of the global financial crisis in November 2008, striking just three weeks after shamed RBS chief Sir Fred Goodwin was forced to quit.
At that time, the bank was only saved from collapse by an emergency £20billion injection of public cash and is now 84 per cent owned by British taxpayers.
Angry US customers whose cards were cloned by the gang are suing RBS in a $5million class action lawsuit.
The action by Keith Irwin, of Pennsylvania, accuses the bank of negligence and breach of contract.
Michael McCoy, of the Identity Theft Institute, received a warning letter from RBS telling him that his personal details may have been stolen by the gang.
But he hit out as the bank only offered a 12-month free credit rating - while warning customers to be vigilant for 24 months.
He said: "It's an insult to me and any other consumer.
"Come on, a one-year subscription, what's that going to do?
"Any intelligent thief understands these letters are going out so why won't they use it in the 13th month?
"On the back of this letter they encourage you to remain vigilant for 12 to 24 months but they're only going to offer me a product for 12 months. It boggles my mind."
Customers are also angry at the fact the bank "identified the breach" on November 10, 2008, but kept it secret for 43 days.
They eventually issued a press release in the US about the fraud two days before Christmas in what furious victims claim was a deliberate ruse to avoid publicity.
The press release said fraud had only been committed on 100 cards - giving no hint of the financial scale of the attack.
A fourth unnamed hacker is also facing criminal charges. He is believed to have fully co-operated with the FBI.
In the dock with the four hackers are four other Estonians. Tsurikov is accused of distributing cards and PINs to Igor Grudjev in Estonia.
Grudjev then distributed them to Ronald Tsoi, Evelin Tsoi and Mihhail Jegenvov, who withdrew £191,000 from ATMs in Tallin during the 12-hour period.
The cloned cards belonged to US workers whose wages are paid directly into their bank accounts.
The RBS WorldPay website states: "From face-to-face transactions to online and phone transactions, we provide an effective, secure service."
At the time, Ben Barone, president and CEO of RBS WorldPay, said: "We have taken important, immediate steps to mitigate risk and none of the affected cardholders will be responsible for unauthorised activity on their account resulting from this situation."
RBS declined to comment because of the ongoing legal proceedings.
Raid was planned like terror operation
Experts claim preparation for the worldwide bank scam was on a similar scale to an al-Qaeda terrorist operation.
Uri Rivner, of RSA Identity Protection & Verification, said: "The technical aspects in this case were not that impressive but the level of co-ordination was staggering.
"Managing time zone issues and co-ordinating cashers in nine nations - all required to hit as many ATMs as possible within 12 hours - makes me think of an al-Qaeda type of strategy of multiple attacks in a single day.
"A lot of planning and a very high degree of international co-operation went into this."
The four hackers in the dock are all in their 20s, from Russia and other former Soviet states. The FBI are in no doubt that they worked for the Russian mafia. Once they had identified a way into the RBS internal network, they spent months plotting on private internet forums.
They began looking for "jackpot servers" using free scanning software to locate valuable, protected data.
Experts reckon they stumbled on the details of the 44 cards before artificially hiking the balances and abolishing the daily withdrawal limits.