Skip to content ↓ | Skip to navigation ↓

A hacker has been sentenced to 50 months in prison for his role in a fraudulent ATM withdrawal scheme that resulted in the theft of $14 million worldwide.

According to a press statement released by the United States Attorney’s Office for the Eastern District of New York, Qendrim Dobruna pleaded guilty to bank fraud last year after participating in what is known among underground hacker syndicates as an “Unlimited Operation.”

“The ‘Unlimited Operation’ begins when the cybercrime organization hacks into the computer systems of a payment card processor, compromises prepaid debit card accounts, essentially eliminates the withdrawal limits of those accounts, and manipulates the security protocols that would alert the victim to the attack,” explains the statement. “The compromised card data is then distributed to cells worldwide that use the data to encode magnetic stripe cards to use at ATMs. These sophisticated techniques enable the participants to withdraw literally unlimited amounts of cash until the operation is finally detected and shut down.”

U.S. officials state that Dobruna was part of an international ring of hackers who participated in an “Unlimited Operation” back in February 27, 2011. At that time, Dobruna and his co-conspirators targeted prepaid credit cards issued by the American Red Cross that were intended for disaster relief victims. These attackers were eventually able to compromise the payment card system’s computer network, which gained them unauthorized access to each American Red Cross prepaid card account. The hackers then exploited this access to remove the balances and withdrawal limits on each account, enabling casher cells affiliated with the hackers to conduct an ATM withdrawal campaign simultaneously around the world.

hacker dobruna
Source: Kaspersky Lab Daily

In total, the criminals made 15,000 unique ATM transactions in 18 different countries over a period of only two days. Even so, they were able to steal roughly USD $14 million.

Dobruna, who went by the names “cl0sEd” and “cL0z” among others online, contributed to the operation by hacking into the payment card system’s computer network and selling victims’ account information to some of his co-conspirators, including an individual based in Brooklyn, New York. It was this role in the international attack campaign that led to his arrest in March 2012 in Germany, from which he was ultimately extradited to the United States.

Dobruna initially faced as many as 30 years in prison for his crimes. However, as part of a deal in which he pleaded guilty to bank fraud in July of 2014, his sentence was commuted to 50 months.

“This operation demonstrates that combining international law enforcement resources sends a strong message to criminals, that there is no such thing as anonymity in the cyber world. Secret Service agents utilize state-of-the-art investigative techniques to identify and pursue cyber criminals around the world. The adverse impact this individual and other transnational organized criminal groups have on our nation’s financial infrastructure is significant and should not be underestimated,” observed Secret Service Special Agent in Charge Robert J. Sica.

To read about other black hat hackers who have been sentenced to prison for their crimes, please click here.


Title image courtesy of ShutterStock