Turkish hacker gets 8 years in $55M ATM milking scheme
A Turkish man who led a multinational cybercrime gang that stole $55 million by hacking ATM card issuers and making fraudulent cards was sentenced to eight years in prison by a federal court Friday.
The sentence, which also included a requirement that Ercan Findikoglu pay back the $55 million, was announced by Robert Capers, U.S. attorney for the Eastern District of New York in a statement.
Findikoglu pleaded guilty on March 1 last year to computer intrusion conspiracy, access device fraud conspiracy, and effecting transactions with unauthorized access devices. He was extradited from Germany in 2015 after being secretly indicted two years earlier.
Findikoglu was the hacker mastermind of the scheme, according to the indictment, gaining unauthorized access to the IT networks of card issuers on three occasions between 2011 and 2103 . In each case, Findikoglu, once he had obtained system administrator privileges in the system, would select certain prepaid debit card accounts, eliminate withdrawal limits on them and then distribute the account numbers, together with their PINs to trusted associates across the globe. They would then encode magnetic stripe cards with the compromised debit card data and distribute them to teams of “cashiers,” who used them to make fraudulent ATM withdrawals on a massive scale.
Because the gang always started by eliminating withdrawal limits, these cyberattacks were known as “unlimited operations,” Capers’ statement said.
In the third and final attack, in February 2013, the prolific gang made over 36,000 withdrawals in 24 different countries totaling about $40 million in only 10 hours. Nearly 3,000 of those withdrawals were in New York City totaling $2.4 million.
“Findikoglu was a skilled hacker who chose to use his considerable computer talents for criminal financial gain and to wreak economic havoc, rather than for legitimate pursuits,” said Capers. “Today’s sentence effectively neutralizes Findikoglu for years, and also should serve as a strong warning to those who seek to abuse their technical skills to breach the networks of trusted financial institutions.”