Two members of an international cybercrime operation have pleaded guilty in federal court in New Jersey to their roles in an identity theft and fraud scheme that attempted to steal at least $15 million.
Robert Dubuc, 40, of Malden, Mass. – who was in court April 1 – and Oleg Pidtergerya, 49, of Brooklyn, N.Y. – who was in court March 31 – each pleaded guilty to one count of wire fraud conspiracy and one count of conspiracy to commit access device fraud and identity theft.
The duo were part of a scheme that targeted more than a dozen banks, brokerage firms, payroll processing companies and government agencies throughout the United States, according to the U.S. Department of Justice.
According to authorities, the two men were recruited by the leaders of the operation to “cash-out” bank accounts and prepaid debit cards opened in the names of others. Oleksiy Sharapka, 33, of Kiev, Ukraine, allegedly directed the conspiracy with the help of Leonid Yanovitsky, 39, also of Kiev. Pidtergerya led a cash-out crew in New York for Sharapka and Yanovitsky, while Dubuc controlled a cash-out crew in Massachusetts for the organization.
As part of the scheme, hackers first gained access to the bank accounts of customers for more than a dozen global financial institutions and businesses, including Citibank, E-Trade and JP Morgan Chase Bank. After obtaining unauthorized access to the accounts, Sharapka and Yanovitsky stole money from them and put it on prepaid debit cards and in bank accounts they controlled.
The next step was to have the “cashers” withdraw the stolen funds from the fraudulent accounts. This was done in a number of ways, including by making ATM withdrawals and fraudulent purchases in New York, Massachusetts, Illinois and Georgia. Both Sharapka and Yanovitsky are under indictment but remain at large.
As part of their guilty pleas, Pidtergerya and Dubuc admitted they knew about the fraudulent cards and coordinated ATM and bank withdrawals of the stolen funds. In addition, they admitted to sending proceeds of the fraud to Sharapka and Yanovitsky in Ukraine.
The wire fraud conspiracy count carries a maximum penalty of 20 years in prison, while the conspiracy to commit access device fraud and identity theft charge carries a maximum sentence of five years in prison. Each count also carries a maximum $250,000 fine, or twice the gross gain or loss from the offense.
Sentencing is scheduled for July 7 for Pidtergerya and July 8 for Dubuc.
