Turkish Hacker Pleads Guilty to $55m ATM Cyber Heist

Turkish Hacker Pleads Guilty to $55m ATM Cyber Heist

A Turkish born hacker has pleaded guilty to his part in a sophisticated cybercrime campaign which cost the financial sector $55 million, and now could face over 57 years behind bars.

Ercan Findikoglu, 34, admitted conspiracy to commit computer intrusion and access device fraud, and carrying out transactions using unauthorized devices.

He orchestrated three cybercrime campaigns between 2011-2013 which involved hacking into credit and debit card companies and changing admin privileges so he could eliminate withdrawal limits and steal PINs for pre-paid cards, according to the US Attorney’s Office for the Eastern District of New York.

Using a network of co-conspirators around the world, he is then said to have disseminated the stolen data so that fraudulent ATM withdrawals could be made on a massive scale, resulting in the loss of tens of millions of dollars.

In one operation in February 2013, Findikoglu is said to have directed his crew to make around 36,000 transactions in 24 countries, withdrawing approximately $40 million from ATMs including $2.4m in New York City alone in under 11 hours.

In total, an estimated $55 million was lost in the cyber raids, with Findikoglu apparently getting a “significant portion” of the spoils.

The hacker managed to evade capture for some time before being finally arrested by German police in Frankfurt in December 2013. He then spent the next 18 months unsuccessfully fighting extradition.

Several other members of the gang have been convicted already, according to the statement.

“By hacking into the computer networks of global financial institutions, the defendant and his co-conspirators were able to wreak havoc with the worldwide financial system by simultaneously withdrawing tens of millions of dollars,” said US attorney Robert Capers, in a statement. 

“Today’s guilty plea by a leader of these massive cyber-attacks demonstrates this office’s commitment to pursue those who use the perceived safety and anonymity of their computers to steal from innocent victims.”

Although Findikoglu is facing a stretch of 57.5 years, it is thought prosecutors will settle for a period of not more than 14 years, according to the Washington Times.

Source: Information Security Magazine