Turkish mastermind of $55M ATM fraud pleads guilty

Hacker faces 57 years in prison

Glowing blue montage of hand keying in password at ATM
Credit: Thinkstock

A Turkish citizen who led an operation that hacked into the systems of credit and debit card processing companies between 2011 and 2013 has pleaded guilty in a court in New York, according to officials.

Ercan Findikoglu, 34, also known by his online nicknames Segate, Predator, and Oreon, pleaded guilty to computer intrusion conspiracy, access device fraud conspiracy, and effecting transactions with unauthorized access devices before District Court Judge Kiyo A. Matsumoto of the U.S. District Court for the Eastern District of New York.

Findikoglu was arrested in Germany in 2013 and was extradited to the U.S. in 2015. He could face as much as 57 years in prison on sentencing, according to the U.S. Attorney’s Office in the Eastern District of New York. The operations of his group inflicted more than $55 million in losses on the global financial system, it added.

His group is said to have hacked into the systems of at least three credit and debit card processing companies, stole data for prepaid debit cards and removed withdrawal limits for those debit cards. The group targeted Visa and MasterCard prepaid debit cards serviced by the processors, breached the security protocols that put withdrawal limits on such cards, and then increased the account balances to allow withdrawals in excess of legitimate balances, according to the indictment filed in July 2013. The processors named were Fidelity National Information Services, ElectraCard Services and enStage.

Findikoglu and other co-conspirators were also charged with manipulating network administrator privileges at the card processing companies and stealing the personal identification numbers (PINs) for the compromised debit cards.  The group then disseminated the stolen card data worldwide to the leaders of “cashing crews” around the world, who were directed to use the information to make fraudulent ATM withdrawals in a matter of hours, for which the group would get a commission.

Findikoglu and his group continued to have access to the networks during these operations and sent transaction logs obtained from the networks to the co-conspirators to show how much money was withdrawn and how much was owed to them. In one operation on Feb. 19 and 20, 2013, crews in 24 countries executed about 36,000 transactions to withdraw about  $40 million from ATMs, according to the officials.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.