Turkish hacker behind $40m Bank Muscat card heist pleads guilty

A Turkish hacker who was accused of masterminding the $40m heist using cards issued by Oman’s Bank Muscat in 2013 has pleaded guilty in a federal court in New York.

Ercan Findikoglu, 34, pleaded guilty to five counts including computer intrusion conspiracy for leading a scheme that led to stolen debit card data being distributed worldwide, Reutersreported.

In the coordinated bank heist in 2013, $40m was withdrawn from ATMs in 24 countries via 36,000 transactions in about 10 hours.

Findikoglu also allegedly masterminded other cyber-attacks which saw another $15m withdrawn from ATMs worldwide.

He was extradited in June 2015 from Germany, where he was arrested in December 2013.

Prosecutors said that hackers including Findikoglu gained access to the networks of certain prepaid debit card payment processors from 2010 to 2013. They then caused account balances to be dramatically increased to allow large excess withdrawals.

The stolen debit card information was then circulated to others who conducted fraudulent ATM withdrawals globally.

Apart from the Bank Muscat case, $10m was stolen in February 2011 using cards issued by JPMorgan Chase & Co and used by the American Red Cross to provide relief to disaster victims.

In another attack in December 2012, $5m was fraudulently withdrawn using cards issued by National Bank of Ras Al-Khaimah in the United Arab Emirates.

So far, 13 of the crew’s members have pleaded guilty, Reuters added.