Naked Security Naked Security

Suspected mastermind behind mass ATM heist spree finally extradited to US

18 months after his arrest, the Turkish national accused of masterminding a worldwide string of ATM heists netting as much as $55 million has been sent to the US to face trial.

Eighteen months after his arrest, the Turkish national accused of masterminding a worldwide string of ATM heists netting as much as $55 million has been sent to the US to face trial.

Ercan Findikoğlu was once described as the world’s “number two hacker” and is thought to have operated under pseudonyms “Segate” and “Predator”.

As we reported in late 2014, he was arrested in Germany in December 2013 but fought against extradition for some time.

German courts found numerous hurdles in the way of approving the US prosecutors’ requests, including worries about the potential sentence faced by Findikoğlu, which could be as much as 247 years.

There were also issues with the charges leveled against him by the US, which included a conspiracy charge not consistent with German law.

Now it seems that all these obstacles have been resolved, and Findikoğlu flew to the US on Tuesday to face his indictment in a Brooklyn court yesterday.

He stands accused on eight separate counts, including multiple counts of computer intrusion, bank fraud, wire fraud and conspiracy to commit these various frauds, all taking place between early 2010 and mid 2013.

The charges relate to a series of hacks into payment processing firms, including FIS, ECS and EnStage, which led to the accessing of data on prepaid debit cards and the removal of withdrawal limits on those cards.

This data was then used to orchestrate a string of carefully-timed “cashing out” operations where teams of crooks withdrew cash from ATMs in cities around the world.

After smaller runs in February 2011 and December 2012, a massive operation on 19-20 February 2013 saw 36,000 withdrawals in 24 different countries, adding up to $40 million in bank losses.

An operation on this scale involves large numbers of people, and many lower down the chain have already been rounded up, with some having been tried and sentenced; the recent arrests of 25 people in Romania is just one of many incidents thought to be connected to the worldwide investigation into the spree of fraud, and to Findikoğlu.

From the indictment documents released by the US Department of Justice, it seems likely that at least one other suspect sits alongside Findikoğlu at the top of the tree. The charge sheet is heavily redacted, with a second name blacked out each time Findikoğlu’s appears.

Just who this suspected accomplice may be remains mysterious, but it seems likely we’ll be hearing more on this case, which has already been making headlines for several years.

With the hacking operation hitting global institutions at sites around the world, and the cashing-out stage spread across numerous cities and countries, there’s a massive amount of legal work to do to pin down those responsible and get the various countries involved to agree on what to do about the criminals once they’ve been found.

The extradition process can drag on for years even in more straightforward cases, so it’s good to see some progress being made in these highly complex international cybercrime investigations.

For Ercan Findikoğlu, the next step will be trial and the possibility of that epic 247-year sentence.


Image of ATM courtesy of Shutterstock.