Turkish Hacker Behind $55 Million Cyber Heist Pleads Guilty

A Turkish hacker who US prosecutors alleged to be the mastermind behind a number of cyber attacks that collectively amounted to nearly $60 million to be siphoned off from ATMs around the world, has plead guilty.

34-year-old Turkish hacker Ercan Findikoglu has plead guilty in a federal court in Brooklyn, New York, to five counts that includes computer intrusion conspiracy, Reuters reported.

The master scheme involved a global banking heist that saw stolen debit card data being used and distributed among criminals to make fraudulent ATM withdrawals all over the world.

One of the heists in the elaborate scheme was one of the most ‘successful and coordinated banking heists’ in history, according to the prosecutors. The heist, from 2013, saw the withdrawal of $40 million from multiple ATMs across 24 countries. The heist was coordinated across every country and took all of 10 hours to pull off.

Findikoglu, also known as “Predator” and “Seagate” was extradited from Germany in June 2015, where he was arrested in December 2013.

Prosecutors claimed that between 2010 and 2013, hackers including Findikoglu had gained access to the networks of prepaid debit card payment processors. The targeted companies were Fidelity National Information Services Inc and ElectraCard Services, now owned by MasterCard and enStage.

The hackers enabled the prepaid cards’ account balances to have their balances increased substantially, allowing for large excess withdrawals.

Then, the hacking group put together by Findikoglu disseminated the stolen debit card information to “cashing crews” all around the world. These cashing crews then proceeded to conduct tens of thousands of fraudulent ATM withdrawals around the world.

Findikoglu and other high-ranking members of the banking heist received proceeds through various means including wire transfer, electronic money and even personal deliveries of cash.

The biggest heist of the operation saw $40 million withdrawn after cards issued by the Bank of Muscat in Oman was targeted. The heist saw the cashing crew execute 36,000 transactions.

Another operation from 2011 had cards issued by JPMorgan Chase and Co targeted. The heist saw $10 million siphoned away from withdrawals globally.

In another instance, a New York cashing crew withdrew $2.8 million in operations during 2012 and 2013. Thirteen members of the crew have plead guilty.