Evgeny Tarasovich Levitskyy, a/k/a Vinchenco, a/k/a Vinch, a/k/a M.U.R.D.E.R.E.R., 31, of Nikolaev, Ukraine, was arraigned today before Catherine M. Salinas, United States Magistrate Judge, on federal charges of conspiracy to commit bank fraud, bank fraud, conspiracy to commit wire fraud, and wire fraud. Levitskyy was indicted by a federal grand jury on October 13, 2015.
“In just one day in 2008, an American credit card processor was hacked in perhaps one of the most sophisticated and organized computer fraud attacks ever conducted. A team of hackers and cashers, stationed in 280 cities around the world, stole over $9 million dollars in 12 hours from 2100 ATMs worldwide,” said U. S. Attorney John Horn. “Our pursuit of the perpetrators of this international scheme has continued for over seven years and demonstrates that we will persevere in seeking justice for international cyber- criminals for as long as it takes.”
J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office, stated: “The arrest and extradition of Evgeny Levitskyy is the result of a multi-national effort led by the FBI, clearly showing the benefits of global cooperation among US and international law enforcement. It demonstrates the FBI’s long-term commitment to identifying and pursuing cyber-criminals world-wide, and serves as a strong deterrent to others targeting America’s financial institutions and citizens. This arrest and extradition also highlights the benefits of forward-deploying FBI cyber special agents to foreign countries, who forge and maintain key relationships to facilitate opportunities such as this. We must continue to impose real costs on criminals who believe they are far enough away to hack into US companies to steal money or intellectual property without consequences. Levitskyy’s arrest and extradition removes a cashing leader from the resources available to the cyber-criminal underground, thereby deteriorating the capabilities of cyber-criminal groups seeking to monetize cyber-attacks.”
Michael Breslin, Special Agent in Charge of the United States Secret Service’s Criminal Investigative Division, stated: “Based on our longstanding role in transnational cyber investigations and network intrusions, the Secret Service worked in conjunction with our law enforcement partners to provide critical evidence to further this investigation. Our partnerships in law enforcement, the private sector, and academia are our greatest resources in combatting these sophisticated and complex crimes and today’s arraignment is proof that our strong commitment endures across all borders.”
According to United States Attorney Horn, the charges and other information presented in court: During November 2008, a team of hackers, including Estonian national Sergei Tšurikov and others, obtained unauthorized access into the computer network of RBS WorldPay, what was then the U.S. payment processing division of the Royal Bank of Scotland Group PLC, located in Atlanta, Ga. The group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.
Once the encryption on the card processing system was compromised, the hacking ring raised the account limits on compromised accounts to amounts exceeding $1,000,000. The hackers then provided a network of cashers with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada. The $9 million loss occurred within a span of less than 12 hours.
The hackers then sought to destroy data stored on the card processing network in order to conceal their hacking activity. The cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tšurikov and his co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach, and has substantially assisted in the investigation.
Throughout the duration of the cash out, Tšurikov and another hacker monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay.
Levitskyy, a Ukrainian national, is alleged to have been responsible for cashing out nearly $500,000 associated with a single hacked debit card number.
The charges in this case carry a maximum sentence of 30 years in prison and a fine of up to $1,000,000 on each count. In determining the actual sentence, the Court will consider the United States Sentencing Guidelines, which are not binding but provide appropriate sentencing ranges for most offenders.
To date, the U.S. Attorney’s Office for the Northern District of Georgia has charged 14 individuals involved in the hack and cash out, including Russian nationals Viktor Pleshchuk, Evgeniy Anikin, and Roman Seleznev; Estonian nationals Sergei Tsurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov; Moldovan national Oleg Covelin; Ukrainian nationals Vladimir Valeyrich Tailar and Evgeny Levitskyy; Nigerian national Ezenwa Chukukere; American national Sonya Martin; and Vladislav Horohorin, who is citizen of Russia, Israel, and Ukraine.
Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a reasonable doubt at trial.
This case is being investigated by the Federal Bureau of Investigation and United States Secret Service.
Assistant United States Attorneys Lawrence R. Sommerfeld and Kamal Ghali are prosecuting the case. Assistance was provided by the Justice Department’s Office of International Affairs, the Criminal Division’s Computer Crime and Intellectual Property Section, the Republic of Slovenia’s Ministry of Interior Criminal Police Directorate (“MNZ”), and the Czech Republic’s Policie Ceske Republiky (“PCR”).