Accused Turkish mastermind of $55 million cyber spree extradited to U.S.

NEW YORK (Reuters) - A Turkish man has been extradited to the United States to face charges he organized three cyberattacks that resulted in $55 million in losses to the global financial system, U.S. authorities announced on Wednesday.

Prosecutors called Ercan Findikoglu, 33, the mastermind behind an organization whose hacks resulted in stolen debit card data being distributed worldwide and used to make fraudulent ATM withdrawals.

Findikoglu pleaded not guilty during a hearing in federal court in Brooklyn, New York, after being extradited on Tuesday from Germany, where he was arrested in December 2013, the U.S. Justice Department said.

An indictment unsealed on Wednesday charged Findikoglu, who authorities say went by the online aliases “Segate” and “Predator,” with 18 counts including computer intrusion conspiracy, bank fraud and money laundering.

Findikoglu’s lawyer did not respond to requests for comment.

Prosecutors said Findikoglu and others hacked into the computer networks of at least three credit and debit card payment processors: Fidelity National Information Services Inc, ElectraCard Services, now owned by MasterCard Inc, and enStage.

Once tapped into those networks, Findikoglu targeted Visa and MasterCard prepaid debit cards that the processors serviced and caused the cards’ account balances to be dramatically increased to allow large excess withdrawals, prosecutors said.

Authorities said a group managed by Findikoglu then disseminated the stolen debit card information to heads of “cashing crews” around the world who in turn conducted tens of thousands of fraudulent ATM withdrawals.

A February 2011 operation targeting cards issued by JPMorgan Chase & Co and used by the American Red Cross to provide relief to disaster victims saw $10 million withdrawn globally, prosecutors said.

A second operation compromised cards issued by National Bank of Ras Al-Khaimah in the United Arab Emirates, resulting in $5 million in losses in December 2012, court documents said.

In the biggest heist, hackers compromised cards issued by Bank Muscat in Oman, allowing crews operating in 24 countries to execute 36,000 transactions over a two-day period in February 2013 and withdraw $40 million from ATMs, prosecutors said.

A New York cashing crew alone withdrew $2.8 million in the 2012 and 2013 operations, authorities said. Thirteen of the crew’s members have pleaded guilty.

In exchange, Findikoglu and other high-ranking members of the scheme received proceeds in various forms, including by wire transfer, electronic currency or personal deliveries of cash, prosecutors said.

The case is U.S. v. Findikoglu, U.S. District Court, Eastern District of New York, No. 13-0440.

Reporting by Nate Raymond in New York; Editing by Paul Simao