Hacker behind $9 million RBS WorldPay ATM heist avoids Russian jail

Graham Cluley
Graham Cluley
@[email protected]

ATM cash machine
Russian prosecutors have served a hacker with a six year suspended sentence after he admitted his involvement in a worldwide hack that withdrew $9 million from ATM cash machines.

29-year-old Viktor Pleshchuk, of St. Petersburg, Russia, received a reduced sentence, which includes four years’ probation, after agreeing to assist authorities by providing information about other hackers who broke into computer systems at RBS WordPay.

The criminal gang is alleged to have created counterfeit cloned debit cards with the stolen information, but didn’t stop there. They also are said to have cracked the encryption security used to protect RBS WorldPay PIN numbers, and raised the level of funds available on compromised accounts. Some accounts reportedly had their daily withdrawal limits boosted to up to $500,000.

This is said to have allowed low-level members of the gang to steal over $9 million from more than 2,100 ATMs in at least 280 cities worldwide.. in less than 12 hours.

Sign up to our free newsletter.
Security news, advice, and tips.

The sheer audacity of this criminal scheme, which stole an extraordinary amount of money in such a short time, is mind-boggling.

Pleshchuk and seven other defendants face separate charges in the USA, where they were indicted last year. However, because the United States lacks an extradition treaty with Russia, it seems unlikely Pleshchuk will face charges in America unless he travels outside of his home country.

At the time, Acting United States Attorney Sally Quillian Yates said of the case that it was “perhaps the most sophisticated and organized computer fraud attack ever conducted.”

In addition to the Pleschuk’s probationary sentence, he has also been ordered to pay back more than 275 million rubles (£5.8 million) to RBS WorldPay.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.