An Estonian man has been extradited to the United States to face charges that he helped hack into a computer network used by credit card-processing company RBS WorldPay and stole more than $9.4 million, the U.S. Justice Department said Friday.
Sergei Tsurikov, 26, arrived in Atlanta, Georgia, where a U.S. judge on Friday ordered that he be detained pending trial, after prosecutors expressed concerns that he could flee the country.
A U.S. grand jury in November indicted eight people from Estonia, Russia and Moldova on charges that they compromised the data encryption used by RBS WorldPay, which is based in Atlanta and is part of Royal Bank of Scotland.
The ring was charged with breaking into RBS WorldPay's computer network for payroll debit cards, which enable employees to withdraw their salaries from automated teller machines.
The group was accused of raising the limits on certain accounts and giving out 44 counterfeit payroll debit cards for people to withdraw the money at ATMs around the world, including in the United States, Japan and Russia.
The people who withdrew the money were able to keep some of it but sent much of it back to the leaders of the group, including Tsurikov, the indictment said.
More than $9 million was withdrawn in less than 12 hours from more than 2,100 ATMs around the world, the Justice Department said, adding that RBS WorldPay immediately reported the breach once it was discovered.
"Computer hackers who steal from American financial networks must be held accountable for their crimes, whether they operate here or abroad," Assistant Attorney General Lanny Breuer said in a statement.
Tsurikov was accused of helping the ring break into the computer network, monitoring the ATM withdrawal transactions as they occurred and then trying to cover the group's tracks by destroying or trying to destroy data, according to U.S. prosecutors.
While U.S. authorities have been able to crack down on cyber crimes originating domestically, the FBI has had to rely increasingly on foreign partners to restrict attacks from places like Egypt, Turkey and Hong Kong. Federal officials praised authorities in Estonia for assisting in both the investigation and extradition in the hacker case.
The increasing scope of foreign attacks comes as college students around the world are focusing heavily on technology degrees, only to emerge into a difficult job market with low pay, officials said.
"When you can't find a legitimate job making big money, you find some way to make money," said Colleen Moss, head of the FBI's Cyber Crime Squad in North Carolina. "There's a lot of high-tech trained folks out there who either don't have a job or aren't making what they'd like to."
The RBS case began when a 29-year-old Moldovan, Oleg Covelin, found a vulnerability in the computer network, the FBI said. He passed the details to Tsurikov, according to FBI officials, and he conducted "reconnaissance" to assess the vulnerability before sharing his findings with a colleague in Russia.
"What made this case different was the scope, the timing and the coordination," said Doris Gardner, an FBI special agent who worked on the case. "It was very sophisticated."
Tsurikov was indicted last year in the case along with Viktor Pleshchuk of St. Petersburg, Covelin of Chisinau, Moldova, and three others from Estonia. The three leading suspects have been convicted in Estonia. In the United States, they face up to 20 years in prison for wire fraud charges and between five and 10 years for computer fraud.
Tsurikov is the first to face his U.S. charges. Officials said extradition of the others was in progress. Tsurikov's lawyer did not immediately return a call Friday seeking comment.