Eight charged for hacking global financial institutions

Eight alleged members of an international cybercrime, money laundering and identity theft conspiracy have been federally charged in New Jersey with a scheme to use information hacked from customer accounts held at more than a dozen banks, brokerage firms, payroll processing companies and government agencies in an attempt to steal at least $15 million from U.S. customers.

The eight defendants are charged together in a criminal complaint with conspiracy to commit wire fraud, conspiracy to commit money laundering and conspiracy to commit identity theft. Allegedly, Oleksiy Sharapka, 33, of Kiev, Ukraine, directed the conspiracy with the help of Leonid Yanovitsky, 38, also of Kiev. Oleg Pidtergerya, 49, of Brooklyn, N.Y.; Robert Dubuc, 40, of Malden, Mass.; and Andrey Yarmolitskiy, 41, of Atlanta, managed crews in their respective cities. Richard Gundersen, 46, of Brooklyn, and Lamar Taylor, 37, of Salem, Mass, worked for Pidtergerya and Dubuc, respectively. Ilya Ostapyuk, 31, of Brooklyn, allegedly facilitated the movement of fraud proceeds.

Pidtergerya, Ostapyuk, Dubuc and Yarmolitskiy have already been arrested, Taylor and Gundersen are being pursued by law enforcement, and Sharapka and Yanovitsky, Ukrainian nationals, remain at large.

According to the criminal complaint, the conspiring hackers gained unauthorized access to the computer networks of more than a dozen global financial institutions, including: Aon Hewitt; Automated Data Processing Inc.; Citibank N.A.; E-Trade; Electronic Payments Inc.; Fundtech Holdings LLC, iPayment Inc.; JP Morgan Chase Bank N.A.; Nordstrom Bank; PayPal; TD Ameritrade; U.S. Department of Defense, Defense Finance and Accounting Service; TIAA-CREF; USAA; and Veracity Payment Solutions Inc.

Once inside the victim companies’ computer networks, the defendants and conspirators diverted money from accounts of the companies’ customers to bank accounts and pre-paid debit cards controlled by the defendants. They then implemented a sophisticated “cash out” operation, employing crews of individuals known as “cashers” to withdraw the stolen funds, among other ways, by making ATM withdrawals and fraudulent purchases in New York, Massachusetts, Illinois, Georgia and elsewhere.

As part of the scheme, the defendants stole identities from individuals in the United States, which they used to facilitate the cash out operation, including by transferring money to cards in the names of those stolen identities. They also used some of those identities to file fraudulent tax returns with the IRS seeking refunds.

The defendants and their conspirators laundered the proceeds of the scheme, often through international wire transfer services, to the leaders of the conspiracy overseas.

The government’s ongoing investigation into the organization has so far identified attempts to defraud the victim companies and their customers of more than $15 million.

If convicted, each of the defendants face a maximum potential penalty of 20 years in prison on the conspiracy to commit wire fraud count, 20 years in prison on the conspiracy to commit money laundering count and 15 years in prison on the conspiracy to commit identity theft count. The wire fraud and identity theft counts also carry a maximum fine of $250,000, or twice the gross amount of pecuniary gain or loss resulting from the offenses. The money laundering conspiracy count carries a maximum fine of $500,000, or twice the value of the monetary instruments involved.