IT was an elaborate sting executed with military precision, robbing Royal Bank of Scotland customers of more than £6 million in just 12 hours.
But the man behind the heist which crossed international borders has finally been jailed for more than 11 years.
Hacker Sergei Tsurikov, 30, from Estonia, was part of a cyber-crime gang who pulled off the massive robbery by dispatching an army of thieves using cloned debit cards to blitz more than 2,000 cash machines in 280 cities worldwide.
The attack was targeted at RBS’s WorldPay payment processing division based in Atlanta, Georgia, in the United States in November, 2008.
American prosecutors have described the crime as “one of the most sophisticated and organised computer fraud attacks ever conducted.”
Tsurikov – who acted alongside with co-conspirators Viktor Pleshchuk, 32, of St Petersburg, Russia, and Oleg Covelin, 32, of Chisinau, Moldova – was finally tracked down a year later and extradited from Estonia to the US to face trial.
He admitted conspiracy to commit wire fraud and computer intrusion and has now been sentenced to 11 years and three months imprisonment.
He was also ordered to pay £5.2 million in compensation to RBS by United States District Judge Steve C Jones in Atlanta.
Following the sentencing, US Attorney Sally Quillian Yates said: “A leader of one of the most sophisticated cyber-crime rings in the world has been brought to justice and sentenced.
“In just one day in 2008, an American credit card processor was hacked in perhaps one of the most sophisticated and organised computer fraud attacks ever conducted.
“This prosecution was successful because of the efforts of the victim, and unprecedented cooperation from various law enforcement agencies worldwide.”
Pleshchuk was given a suspended sentence on Friday for his part in the fraud. Covelin remains at large.
The gang hacked into the bank’s computer system to clone 44 payroll debit cards and discover their PIN numbers. Payroll debit cards are used by companies to pay staff – employees can use the card to withdraw their regular salaries from an ATM.
The hackers then electronically hiked up the available balances and deleted withdrawal limits for each card, before distributing them to a network of foot soldiers, known as “cashers”.
At the stroke of midnight US time, the cashers drained ATMs using the cloned cards, using machines in Britain, the US, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.
During the 12-hour robbery, Pleshchuk and Tsurikov hacked into the bank’s system again to see the transactions taking place on their computer screens. They obtained just under £6.3 million between midnight and noon.
The hackers then deactivated the cards and attempted to destroy records of their crime within the bank’s system. The cashers were allowed to keep 30 per cent to 50 per cent of the cash, with the rest being sent electronically to the hackers.
The gang targeted the bank at the height of the global financial crisis in November 2008, striking just three weeks after RBS chief executive Sir Fred Goodwin was forced to quit.
Igor Grudijev, 32, Ronald Tsoi, 32, Evelin Tsoi, 21, and Mihhail Jevgenov, 34, each of Tallinn, Estonia have also been convicted in that country of fraud relating to the ATM withdrawals.
CONNECT WITH THE SCOTSMAN
• Subscribe to our daily newsletter (requires registration) and get the latest news, sport and business headlines delivered to your inbox every morning
SCOTSMAN TABLET AND IPHONE APPS