A Turkish man accused of masterminding a series of ATM cyberheists that netted his gang $55 million, has been extradited to the US.
After spending 18 months in a German jail fighting his extradition, Ercan Findikoglu arrived in a New York court this week where he pleaded not guilty to 18 charges, including money laundering, wire fraud and computer intrusion. He has not been granted bail.
According to authorities, Findikoglu hacked the computer networks of at least three payment processors, sought out Visa and MasterCard prepaid cards and increased their account balances.
He then allegedly managed a team that gave the stolen card data to teams of "cashing crews" around the world that carried out three coordinated raids of tens of thousands of ATM withdrawals.
The first cash-out affected cards issued by JPMorgan Chase and used by the American Red Cross and happened in February 2011, with $10 million taken in around 15,000 withdrawals in at least 18 countries.
A second attack in December 2012 involving cards issued by National Bank of Ras Al-Khaimah took $5 million, while a third, in February 2013, saw the gang use Bank Muscat card data to steal $40 million in 36,000 withdrawals in 24 countries.
Findikoglu and other high-ranking gang members received the proceeds from other co-conspirators in various forms, including by wire transfer, electronic currency and the personal delivery of cash, it is alleged.
Acting US Attorney Kelly Currie says: "Cybercriminals, and especially hackers as this defendant is alleged to be, wreak havoc and steal millions of dollars by breaching our information systems and networks with clicks and keystrokes from the perceived anonymity of their computers at locations all over the globe.
"However, in doing so they leave traces in digital space that allow law enforcement to identify, apprehend and ultimately hold them accountable for their crimes."