Russia arrests $9 million cash machine hackers

Hani Megerisi Read more March 22, 2010

Three men accused of hacking into Royal Bank of Scotland cash machines have been arrested in Russia.

Russia arrests $9 million cash machine hackers

Suspected ringleader Viktor Pleshchuck was arrested along with Sergei Tsurikov, Oleg Covelin and another unnamed hacker, after an indictment from the FBI named them as the culprits behind the attack, according to the Financial Times.

However, since no extradition treaty exists between the countries, it’s unlikely the group will be tried in the US.

The attack on RBS cash machines saw more than $9 million withdrawn from 2,100 ATMs across the world in only 12 hours. This was achieved by hacking the data encryption on payroll cards used by RBS WorldPay employees.

The arrests come as Russia announced a crackdown on cybercrime. From 1 April, anyone who registers a .ru domain name will have to provide a copy of their passport. All businesses will need to provide legal registration papers.

Security experts claim the Russians are following the example of the Chinese, who introduced similar controls earlier this year. “In January we saw 15% to 20% of all URLs in spam messages were .cn and only approximately 1% or 2% were Russian,” said Symantec security analyst, Candid Wueest. “Recently we’ve seen as many as 30% to 40% of URLs are Russian and only 1% are .cn.”

Wueest fears the Russian regulations will only push the problem elsewhere, however. “Unfortunately, I think it’s only going to be a switch to another [country]. Next could be Vietnam or any other unregulated country,” he added.

A report published last month by Sophos showed that Russia was ranked as the second largest host of malware, with 12.8% of such sites hosted in the country.