Five Russian nationals pleaded guilty to identity theft and using credit and debit cards fraudulently after obtaining them via a series of cyberattacks on companies that resulted in millions of dollars worth of losses.
All five defendants pleaded guilty before United States District Judge Stephen V. Wilson, who is scheduled to sentence the defendants during hearings scheduled in June and September, according to the Department of Justice.
According to a press release from the Justice Department:
Irina Fedoseeva, 33, a Russian national who resides in the Koreatown District of Los Angeles, pleaded guilty yesterday afternoon to conspiracy to use unauthorized credit and debit cards and admitted causing more than $225,000 in losses.
In a plea agreement filed in United States District Court, Fedoseeva admitted to helping make fraudulent purchases with debit cards obtained as a result of cyberattacks on two healthcare administrators in December 2015 and February 2016.
After helping a co-defendant make unauthorized purchases from retail stores that included Apple and Best Buy, Fedoseeva resold the merchandise on the internet.
Four other defendants previously pleaded guilty to federal fraud charges for their roles in the computer attacks.
Timur Safin, 29, of Burbank; Dmitry Fedoseev, 34, of Koreatown; and Kristina Gerasimova, 22, of the Miracle Mile District of Los Angeles, all of whom are Russian nationals, each pleaded guilty on March 20 to aggravated identity theft and debit/credit card fraud.
The fifth defendant charged as a result of this investigation – Siarhei Patapau, 26, of the Miracle Mile District of Los Angeles, a native of Belarus – pleaded guilty on March 6 to similar felony charges.
According to court documents, the defendants conspired with computer hackers believed to be from Russia. The DOJ said that the attacks included:
- a July 2014 intrusion into an airline’s computer system in which the hackers funded pre-paid credit cards in the amount of $900,000;
- a December 2015 hack into the system of a healthcare administrator that allowed the cybercriminals to reactivate a dormant dependent care account and order the production of numerous debit cards that were used to make approximately $550,000 in fraudulent purchases; and
- a February 2016 attack on another healthcare administrator that allowed the intruders to order the production of debit cards linked to reactivated accounts that were used to make approximately $3.5 million in fraudulent purchases.
Interestingly enough , two of these instances are tied to healthcare administrators. Could any of that be related to the insecurity of the Obamacare website?
The defendants not only made cash withdrawals from ATMs, but also purchased money orders and made retail purchases from Apple, Best Buy, Home Depot and Target.
When arrested in 2016, Fedoseev possessed more than 519 unauthorized credit, debit and gift cards, and Patapau was found with approximately 525 credit and debit cards in other people’s names.
Patapau, Safin and Fedoseev each face a statutory maximum sentence of 12 years in federal prison while Gerasimova faces a statutory maximum sentence of seven years, and Fedoseeva faces a statutory maximum sentence of five years.
The more troubling part of this story is that the hackers have not been apprehended.
According to the Federal Trade Commission, identity theft complaints doubled between 2010 and 2015.