Global ATM Hacker Sentenced to 8 Years in Prison
The ringleader of three highly organized, global cyberattacks on ATMs resulting in $55 million in losses was sentenced Feb. 10 to eight years in prison and ordered to pay more than $55 million in restitution.
Turkish citizen Ercan Findikoglu had pleaded guilty last March to computer intrusion conspiracy, access device fraud conspiracy and effecting transactions with unauthorized access devices.
Findikoglu and his partners hacked into the systems of payment card processing companies, eliminated withdrawal limits on debit cards and stole the PINs from those cards. Magnetic stripe cards were coded with the stolen card numbers and PINs. The cards were distributed to “cashing crews” who used the fraudulent cards to conduct ATM withdrawals in multiple countries, according to an announcement by the U.S. Department of Justice.
The three separate operations occurred within the span of two days. In February 2011, Findikoglu’s cashing crews illegally withdrew approximately $10 million using some 15,000 ATM withdrawals in 18 countries. In December 2012, Findikoglu’s crew withdrew approximately $5 million through 5,000 fraudulent ATM withdrawals in 20 countries. During this second operation, fraudsters in New York, alone, stole nearly $400,000 from more than 700 withdrawals at more than 140 ATMs in less than three hours. The third operation was the criminal organization’s largest, withdrawing in February 2013 approximately $40 million while making 36,000 ATM withdrawals in 24 countries. Again, New York was hit hard. Cashing crews made nearly 3,000 ATM withdrawals, reaping $2.4 million within 10 hours.
“Like any well-organized plan they had it mapped out, and they knew that Broadway had a large number of ATMs in close proximity to each other,” Secret Service Agent Scott Sarafian told CBS News.
Findikoglu, who monitored the entire operations, was a skilled hacker, according to Robert L. Capers, U.S. Attorney for the Eastern District of New York. “The defendant was responsible for hacking into computer networks of financial institutions across the globe and causing tens of millions of dollars in losses,” said Capers. The “sentence effectively neutralizes Findikoglu for years, and also should serve as a strong warning to those who seek to abuse their technical skills to breach the networks of trusted financial institutions.”