The eight defendants are charged together in a criminal complaint with conspiracy to commit wire fraud, conspiracy to commit money laundering and conspiracy to commit identity theft. Allegedly, Oleksiy Sharapka, 33, of Kiev, Ukraine, directed the conspiracy with the help of Leonid Yanovitsky, 38, also of Kiev. Oleg Pidtergerya, 49, of Brooklyn, N.Y.; Robert Dubuc, 40, of Malden, Mass.; and Andrey Yarmolitskiy, 41, of Atlanta, managed crews in their respective cities. Richard Gundersen, 46, of Brooklyn, and Lamar Taylor, 37, of Salem, Mass, worked for Pidtergerya and Dubuc, respectively. Ilya Ostapyuk, 31, of Brooklyn, allegedly facilitated the movement of fraud proceeds.
Pidtergerya, Ostapyuk, Dubuc and Yarmolitskiy have already been arrested, Taylor and Gundersen are being pursued by law enforcement, and Sharapka and Yanovitsky, Ukrainian nationals, remain at large.
According to the criminal complaint, the conspiring hackers gained unauthorized access to the computer networks of more than a dozen global financial institutions, including: Aon Hewitt; Automated Data Processing Inc.; Citibank N.A.; E-Trade; Electronic Payments Inc.; Fundtech Holdings LLC, iPayment Inc.; JP Morgan Chase Bank N.A.; Nordstrom Bank; PayPal; TD Ameritrade; U.S. Department of Defense, Defense Finance and Accounting Service; TIAA-CREF; USAA; and Veracity Payment Solutions Inc.
Once inside the victim companies’ computer networks, the defendants and conspirators diverted money from accounts of the companies’ customers to bank accounts and pre-paid debit cards controlled by the defendants. They then implemented a sophisticated “cash out” operation, employing crews of individuals known as “cashers” to withdraw the stolen funds, among other ways, by making ATM withdrawals and fraudulent purchases in New York, Massachusetts, Illinois, Georgia and elsewhere.
As part of the scheme, the defendants stole identities from individuals in the United States, which they used to facilitate the cash out operation, including by transferring money to cards in the names of those stolen identities. They also used some of those identities to file fraudulent tax returns with the IRS seeking refunds.
The defendants and their conspirators laundered the proceeds of the scheme, often through international wire transfer services, to the leaders of the conspiracy overseas.
The government’s ongoing investigation into the organization has so far identified attempts to defraud the victim companies and their customers of more than $15 million.
If convicted, each of the defendants face a maximum potential penalty of 20 years in prison on the conspiracy to commit wire fraud count, 20 years in prison on the conspiracy to commit money laundering count and 15 years in prison on the conspiracy to commit identity theft count. The wire fraud and identity theft counts also carry a maximum fine of $250,000, or twice the gross amount of pecuniary gain or loss resulting from the offenses. The money laundering conspiracy count carries a maximum fine of $500,000, or twice the value of the monetary instruments involved.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.