A Turkish man, a mastermind behind three hacks that resulted in $55 million loss to the global financial system, has been extradited to the United States to face charges, the U.S. authorities announced on Wednesday.
According to a news report published on Reuters, the prosecutors confirmed Ercan Findikoglu, 33, as the mastermind behind an organization whose hacks resulted in stolen debit card data being distributed worldwide and used to make fraudulent ATM withdrawals.
The prosecutors said that Findikoglu along with his friend hacked into the computer networks of three credit and debit card payment processors: Fidelity National Information Services Inc, ElectraCard Services, now owned by MasterCard Inc, and enStage.
After tapping into those networks, he hacked Visa and MasterCard prepaid debit cards that the processors serviced and caused the cards' account balances to be increased to allow large excess withdrawals.
Then the hackers group disseminated the stolen debit card information to heads of "cashing crews" around the world who in turn conducted tens of thousands of fraudulent ATM withdrawals.
The report says that the prosecutors said in February 2011 operation targeting cards issued by JPMorgan Chase & Co and used by the American Red Cross to provide relief to disaster victims noticed $10 million withdrawn across the globe.
A second operation compromised cards issued by National Bank of Ras Al-Khaimah in the United Arab Emirates, resulting in $5 million in losses in December 2012, court documents said.
Then the hackers compromised cards issued by Bank Muscat in Oman, allowing crews operating in 24 countries to execute 36,000 transactions over a two-day period in February 2013 and withdraw $40 million from ATMs, prosecutors said.
Authorities said that a New York cashing crew alone withdrew $2.8 million in the 2012 and 2013 operations. Thirteen of the crew's members have pleaded guilty.
According to the news report, the prosecutors said that Findikoglu and other high-ranking members of the scheme received proceeds in various forms, including by wire transfer, electronic currency or personal deliveries of cash.
The case is U.S. v. Findikoglu, U.S. District Court, Eastern District of New York, No. 13-0440.
The report says that Findikoglu pleaded not guilty during a hearing in federal court in Brooklyn, New York, after being extradited on Tuesday from Germany, where he was arrested in December 2013, the U.S. Justice Department said.
An indictment unsealed on Wednesday charged Findikoglu, who authorities say went by the online aliases "Segate" and "Predator," with 18 counts including computer intrusion conspiracy, bank fraud and money laundering.