TRENTON, N.J. — Two members of an alleged international cybercrime, identity theft and credit card fraud conspiracy pleaded guilty Tuesday to their roles in a scheme to use information hacked from customer accounts at more than a dozen banks, brokerage firms, payroll processing companies and government agencies to attempt to steal $15 million from customers. The guilty pleas follow an investigation by the U.S. Immigration and Custom's Enforcement (ICE) Homeland Security Investigations (HSI) Newark field office, the U.S. Secret Service, Department of Defense Criminal Investigative Service, and the Internal Revenue Service.
Richard Gundersen, 47, of Brooklyn, New York, pleaded guilty to one count of conspiracy to commit wire fraud, access device fraud and identity theft.
Lamar Taylor, 38, of Salem, Massachusetts, pleaded guilty to one count of conspiracy to commit wire fraud, access device fraud and identity theft. Both defendants entered their guilty pleas before U.S. District Judge Peter G. Sheridan in Trenton federal court.
According to court documents and statements made in court, both Gundersen and Taylor participated in a scheme to "cash out" bank accounts and pre-paid debit cards opened in the names of others. Oleksiy Sharapka, 34, of Kiev, Ukraine, allegedly directed the conspiracy with the help of Leonid Yanovitsky, 39, also of Kiev.
Oleg Pidtergerya, 50, who previously pleaded guilty to his role in the conspiracy, managed a cash-out crew in New York for Sharapka and Yanovitsky, and Robert Dubuc, 41, who has also pleaded guilty to his role in the conspiracy, and controlled a cash-out crew in Massachusetts. Gundersen worked as "casher" under Pidtergerya, while Taylor performed a similar role under Dubuc.
Hackers first gained unauthorized access to the bank accounts of customers at more than a dozen global financial institutions and businesses, including: Aon Hewitt; Automatic Data Processing Inc.; Citibank N.A.; E-Trade; Electronic Payments Inc.; Fundtech Holdings LLC, iPayment Inc.; JPMorgan Chase Bank N.A.; Nordstrom Bank; PayPal; TD Ameritrade; U.S. Department of Defense, Defense Finance and Accounting Service; TIAA-CREF; USAA; and Veracity Payment Solutions Inc.
After obtaining unauthorized access to the bank accounts, Sharapka and Yanovitsky diverted money from them to bank accounts and pre-paid debit cards they controlled. They then implemented a sophisticated cash-out operation, employing crews of individuals, including Gundersen and Taylor, to withdraw the stolen funds by making ATM withdrawals and fraudulent purchases in New York, Massachusetts, Illinois, Georgia and elsewhere. Both Sharapka and Yanovitsky are under indictment in the United States and remain at large.
Gundersen and Taylor admitted they were aware fraudulent accounts and cards were created without the consent of the individuals in whose names they were opened. They admitted that they opened bank accounts in the names of identity theft victims and that those accounts were funded with money stolen by other conspirators. They also admitted conducting ATM and bank withdrawals of the stolen funds and providing the proceeds of the fraud, less their own fees, to their immediate higher-ups in the organization – Pidtergerya and Dubuc, who, in turn, sent a portion of the proceeds to Sharapka and Yanovitsky in Ukraine.
The government's ongoing investigation into the organization has so far identified attempts to defraud the victim companies and their customers of more than $15 million.
The conspiracy to commit wire fraud, access device fraud and identity theft count carries a maximum potential penalty of five years in prison and a maximum $250,000 fine, or twice the gross gain or loss from the offense. Gundersen and Taylor's sentencings are scheduled for Sept. 3, 2014.