RBS Hacker's Sentence Too Mild
Experts: International Cyber Crime Punishment Too Lax
February 14, 2011 - Tracy Kitten, Managing Editor
A Russian court has passed down a suspended sentence with no jail time
for one of the hackers involved in the 2009 RBS WorldPay systems
heist.
Yevgeny Anikin, 27, got a five-year suspended sentence for his role in $9
million breach that placed 1.5 million U.S. cardholders at risk. The lighter
sentence was reportedly handed down because of the assistance Anikin
offered authorities with the investigation. He is the second hacker
involved in the breach to get off without facing time behind bars. In September, Viktor Pleshchuk, 29,
who also was tried in Russia, got a six-year suspended sentence and four years of probation.
Peter Cassidy of the Anti-Phishing Working Group says the slap-on-wrist sentencing should not come
as a surprise. "E-crime cases in Eastern Europe, Central Europe and the Baltic States often go
unprosecuted or end with suspended sentences, parole or short-time sentences and parole," he says.
"In the U.S., where there is mature electronic crime law and federal sentencing guidelines, electronic
criminals can be sentenced for decades. Law and, more importantly, culture in parts of Europe can be
more matter-of-fact, even nonchalant, about electronic crime, and that gives courts much wider
berth."
The hack of Atlanta-based RBS WorldPay, the U.S. payment-processing division of the Royal Bank of
Scotland Group, quickly attained notoriety for its sophistication and speed. The scheme included
money mules who were hired to withdraw the stolen money from ATMs and store it in safety deposit
boxes and luggage lockers at train stations. Within a 12-hour period, $9 million in cash was withdrawn
from 2,100 ATMs in 280 cities around the world. ick to Get Updates on the Latest Information
Security News
Mike Urban, senior director of fraud solutions for FICO, which provides fraud-detection analysis, says
the case shows the need for stronger international punishment for cybercrimes. "If he was sentenced
in the U.S., he would more than likely be doing over 10 years in prison," Urban says. "At the end of
the day, he stole millions of dollars. Even if it was not a computer crime, anyone committing a felony
of that scale would be incarcerated for a long time. There is a need to build better bilateral law
enforcement relationships with countries where electronic crimes are committed and where the victims
reside."
Four other hackers involved in the breach, Viktor Pleshchuk, Sergei Tsurikov, Oleg Covelin and
Vladislav Anatolievich Horohorin were arrested as well, although only Tsurikov was extradited to the
U.S. to face charges here. The United States does not have an extradition treaty with Russia. And
Horohorin, who in August was arrested in France, could face up to 12 years in prison and fines
totaling $500,000.
Cassidy says the culture's apathy is expressed in the sentencing passed down by courts in Central and
Eastern Europe. "Still," he says, "electronic crime investigators anywhere would consider any arrest,
any prosecution, any conviction and any sentence for electronic crimes in Russia a big step forward in
leveling standards of jurisprudence in this body of law between Eastern Europe and the West."