Back in December of 2014, The State of Security first reported on the story of Ercan “Segate” Findikoglu, a 33-year-old Turkish man who is accused of having stolen over $60 million as part of a number of card heists in the United States. At the time of our reporting, Germany had denied Findikoglu’s extradition to the United States based upon different laws governing jail time for hackers. The accused has since been extradited to the United States and is currently in plea talks with federal authorities for the crimes he committed.According to a blog post written by Brian Krebs, Findikoglu is believed to have helped organize “ATM cashout” schemes by which he and a group of associates hacked into the computer networks of several payment card processors on numerous occasions. The criminal ring then leveraged this unauthorized access to lift the withdrawal limits on the accounts and then increase their balances, allowing them to withdraw large sums of money from ATM machines around the world in just a few hours. This type of attack is known as an “Unlimited Operation.”
Ercan “Segate” Findikoglu (Source: Softpedia)Findikoglu relied on the assistance of Qendrim Dobruna, another hacker who was also ultimately arrested in Germany and extradited to the United States, and other criminals to make 15,000 ATM transactions in 18 different countries on February 27-28, 2011. In that period of time, the group stole U.S. $14 million.According to a statement released by the United States Attorney’s Office for the Eastern District of New York, the accused also allegedly participated in two more card heists. On December 22, 2012, he managed a group of “cashing crews” who withdrew approximately $15 million via 4,500 ATM transactions in 20 different countries. Similarly, between February 19 and 20, 2013, his crews completed 36,000 ATM transactions in 24 countries to withdraw $40 million, approximately six percent of which was stolen from machines located in New York City alone.Shortly after his third operation, the U.S. Attorney’s Office for the Eastern District of New York completed an indictment against Findikoglu and filed 18 charges against him. For years, the United States Secret Service searched for the accused until they were finally able to arrest him in Frankfurt in cooperation with German authorities. It was at this time that Germany refused to extradite the criminal to the United States out of concern that Findikoglu would receive a disproportionate sentence for his crimes if transported to Manhattan. Whereas the accused’s crimes warranted a maximum punishment of 15 years imprisonment under German law, it commanded a 247-year sentence under its American legal counterpart.However, several months later, Germany apparently had a change of heart and did decide to ultimately extradite Findikoglu to the United States in June of this year.“For the past twenty years, Special Agents assigned to the Secret Service New York Electronic Crimes Task Force have worked closely with our law enforcement partners, the business community, and our partners in academia to pursue cybercriminals who have taken aim at our homeland’s financial infrastructure…. [W]e recognize our international law enforcement partners who were instrumental in the extradition of Ercan Findikoglu,” said Secret Service Special Agent in Charge Sica.The accused is now being held in a federal jail in New York, from which he is currently trying to negotiate a plea deal with prosecutors to commute his sentence.