RBS Hacker's Sentence Too Mild
Experts: International Cyber Crime Punishment Too Lax
Yevgeny Anikin, 27, got a five-year suspended sentence for his role in the $9 million breach that placed 1.5 million U.S. cardholders at risk. The lighter sentence was reportedly handed down because of the assistance Anikin offered authorities with the investigation. He is the second hacker involved in the breach to get off without facing time behind bars. In September, Viktor Pleshchuk, 29, who also was tried in Russia, got a six-year suspended sentence and four years of probation.
Peter Cassidy of the Anti-Phishing Working Group says the slap-on-wrist sentencing should not come as a surprise. "E-crime cases in Eastern Europe, Central Europe and the Baltic States often go unprosecuted or end with suspended sentences, parole or short-time sentences and parole," he says. "In the U.S., where there is mature electronic crime law and federal sentencing guidelines, electronic criminals can be sentenced for decades. Law and, more importantly, culture in parts of Europe can be more matter-of-fact, even nonchalant, about electronic crime, and that gives courts much wider berth."
The hack of Atlanta-based RBS WorldPay, the U.S. payment-processing division of the Royal Bank of Scotland Group, quickly attained notoriety for its sophistication and speed. The scheme included money mules who were hired to withdraw the stolen money from ATMs and store it in safety deposit boxes and luggage lockers at train stations. Within a 12-hour period, $9 million in cash was withdrawn from 2,100 ATMs in 280 cities around the world.
Mike Urban, senior director of fraud solutions for FICO, which provides fraud-detection analysis, says the case shows the need for stronger international punishment for cybercrimes. "If he was sentenced in the U.S., he would more than likely be doing over 10 years in prison," Urban says. "At the end of the day, he stole millions of dollars. Even if it was not a computer crime, anyone committing a felony of that scale would be incarcerated for a long time. There is a need to build better bilateral law enforcement relationships with countries where electronic crimes are committed and where the victims reside."
Four other hackers involved in the breach, Viktor Pleshchuk, Sergei Tsurikov, Oleg Covelin and Vladislav Anatolievich Horohorin, were arrested as well, although only Tsurikov was extradited to the U.S. to face charges here. The United States does not have an extradition treaty with Russia. And Horohorin, who in August was arrested in France, could face up to 12 years in prison and fines totaling $500,000.
Cassidy says the culture's apathy is expressed in the sentencing passed down by courts in Central and Eastern Europe. "Still," he says, "electronic crime investigators anywhere would consider any arrest, any prosecution, any conviction and any sentence for electronic crimes in Russia a big step forward in leveling standards of jurisprudence in this body of law between Eastern Europe and the West."