Cybercriminal sentenced to 50 months for role in hacking campaign

Hackers Targeted International Financial System

June 30, 2015 Brooklyn Daily Eagle

Kelly T. Currie, acting U.S. attorney for the Eastern District of New York. AP photo

Share this:

On Monday morning at the federal courthouse in Brooklyn, Qendrim Dobruna, a member of an international cybercrime syndicate, was sentenced to 50 months imprisonment and restitution in the amount of $14 million for his role in hacking into the computer systems of U.S.-based financial institutions, stealing prepaid debit card data and eliminating withdrawal limits. The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals in excess of $14 million in a single weekend.

The sentencing was held before U.S. District Judge I. Leo Glasser. Dobruna pleaded guilty to bank fraud on July 11, 2014.

The sentence was announced by Kelly T. Currie, acting U.S. attorney for the Eastern District of New York, and Robert J. Sica, special agent in charge, U.S. Secret Service, New York Field Office.

“The defendants and his co-conspirators participated in a massive 21st-century heist that stretched around the globe,” stated Currie. “Using sophisticated methods, the organization reached into the computer systems of American-based corporations and transmitted illegally obtained private financial information to confederates in 18 different countries who stole millions of dollars from hundreds of ATMs in a matter of hours.”

“Today’s sentence serves as a warning to cybercriminals around the world that law enforcement is committed to solving these cybercrimes, no matter how sophisticated, and bringing the perpetrators to justice wherever they may be found,” Currie continued.

“This operation demonstrates that combining international law enforcement resources sends a strong message to criminals, that there is no such thing as anonymity in the cyber world,” Sica said. “Secret Service agents utilize state-of-the-art investigative techniques to identify and pursue cyber criminals around the world. The adverse impact this individual and other transnational organized criminal groups have on our nation’s financial infrastructure is significant and should not be underestimated.”

Between approximately Feb. 27, 2011 and March 1, 2011, the defendant and his co-conspirators conducted an “Unlimited Operation,” which begins when the cybercrime organization hacks into the computer systems of a credit card processor, compromises prepaid debit card accounts and essentially eliminates the withdrawal limits and account balances of those accounts. The elimination of withdrawal limits enables the hackers and their co-conspirators to withdraw unlimited amounts of cash until the operation is shut down.

Next, the cybercrime organization cashes in by distributing the hacked prepaid debit card numbers to trusted associates around the world, who then immediately withdraw cash from ATMs across the globe. At the end of an operation, when the cards are finally shut down, the casher cells launder the proceeds — often investing the operation’s proceeds in luxury goods — and kick back money to the cybercrime organization’s leaders.

On Feb. 27, 2011, hackers targeted a credit card processor that processed transactions for prepaid debit cards issued by the American Red Cross for disaster relief victims. After the hackers penetrated the credit card processor’s computer network, compromised the American Red Cross prepaid card accounts and manipulated the balances and withdrawal limits, casher cells across the globe operated a coordinated ATM withdrawal campaign.

In total, more than 15,000 ATM transactions were conducted in approximately 18 countries around the world using 21 compromised American Red Cross disaster relief prepaid cards, resulting in approximately $14 million in losses to the credit card processor and the American Red Cross.

The defendant, from his apartment in Stuttgart, Germany, participated in the cyber-attack by obtaining account information from the co-conspirators who directly hacked into the U.S.-based financial institution’s database and selling that account information to other co-conspirators over the Internet, including to an individual in Brooklyn.

In announcing the guilty plea, acting U.S. Attorney Currie praised the extraordinary efforts of the Secret Service in responding so rapidly to these attacks and investigating both the complex network intrusions that occurred overseas and the criminal activity occurring locally. Currie also thanked the American Red Cross for their cooperation with this investigation.

The government’s case is being prosecuted by Assistant U.S. Attorney Amir H. Toossi.

—Information from the U.S. Department of Justice