On November 25 in federal court in Brooklyn, New York, Elvis Rafael Rodriguez, age 25 of Yonkers, was sentenced to 34 months’ imprisonment for his participation in an international cybercrime organization responsible for two cyberattacks that inflicted $45 million in losses on the global financial system in a matter of hours. Two of Rodriguez’s co-defendants were previously sentenced for their roles in the conspiracy — on October 27, 2014, Evan Peña, age 37 of Yonkers, was sentenced to 22 months’ incarceration, and on October 24, 2014, Saul Genao, age 25 of Yonkers, was sentenced to 15 months’ incarceration. Rodriguez, Peña and Genao were also ordered to pay $2,782,597 in restitution and $2,400,000 in forfeiture. Rodriguez, Peña, Genao and their 10 co-defendants pled guilty to charges stemming from their participation in the scheme.
The sentences were announced by Loretta E. Lynch, United States Attorney for the Eastern District of New York, and Robert J. Sica, Special Agent in Charge, United States Secret Service, New York Field Office.
“The defendants and their co-conspirators participated in a massive 21st century bank heist of unprecedented scale and scope using debit cards and the Internet rather than guns and masks. While the technical intrusion was highly sophisticated and the teams of cashers highly organized, law enforcement moved with even greater expertise to solve the cybercrime and bring the perpetrators to justice,” stated United States Attorney Lynch.
Secret Service Special Agent in Charge Sica stated, “Secret Service agents utilize state-of-the-art investigative techniques to identify and pursue cyber criminals around the world. This scheme involved multiple network intrusions and data thefts for illicit financial gain. Our success in this case and other similar investigations is a result of the extraordinary work of our investigators and our close work with our network of law enforcement partners.”
Rodriguez and his co-defendants were members of the New York-based cell of an international cybercrime organization that used sophisticated intrusion techniques to hack into the systems of global financial institutions, steal prepaid debit card data and eliminate withdrawal limits. The stolen card data was then instantly disseminated worldwide and used to make fraudulent ATM withdrawals on a massive scale. The defendants acted as “cashers,” who together with co-conspirators, withdrew almost $2.8 million in cash from ATMs in New York City in a matter of hours. Rodriguez and various co-defendants also laundered the proceeds of the crime by, among other things, making large cash deposits and transporting suitcases containing hundreds of thousands of dollars in cash to co-conspirators in Florida and Romania.
The cyberattacks employed by the defendants and co-conspirators are known in the cyber underworld as “Unlimited Operations” and rely upon both highly sophisticated hackers as well as organized criminal cells whose role is to withdraw the cash as quickly as possible and then launder the proceeds and repay the organizers. The defendants and co-conspirators conducted two Unlimited Operations: the first occurred on December 22, 2012 and resulted in approximately $5 million in losses worldwide. In the New York City area, over the course of just two hours and 25 minutes, the defendants and co-conspirators withdrew approximately $400,000 in fraudulent ATM withdrawals. The second Unlimited Operation occurred on February 19-20, 2013 and resulted in nearly $40 million in losses worldwide; the defendants and their co-conspirators withdrew approximately $2.4 million in the New York City area.
Ms. Lynch thanked MasterCard, RAKBANK and the Bank of Muscat for their cooperation with this investigation and expressed her gratitude for the timely and extensive assistance of U.S. Immigration and Customs Enforcement (ICE), Homeland Security Investigations (HSI), New York; law enforcement authorities in Japan, Canada, Germany and Romania; and authorities in the United Arab Emirates, Dominican Republic, Mexico, Italy, Spain, Belgium, France, United Kingdom, Latvia, Estonia, Thailand and Malaysia.
The government’s case is being prosecuted by Assistant United States Attorneys Hilary Jager, Brian Morris, Doug Pravda and Richard Tucker.
SOURCE: U.S. Attorney’s Office, Eastern District of New York
Additional background can be found in this May 2013 press release on their indictment and this November 2013 coverage by Kim Zetter.