A German court has put the brakes
on efforts to extradite a suspected hacker to the US, arguing that the
potential sentence of almost 250 years he faces there is excessive by
German standards.
32-year-old Turkish national Ercan Findikoğlu has been held in
Germany since his arrest at Frankfurt Airport in December 2013. Since
then there have been several legal stages, with approval given to the
extradition by a regional court in August of this year.
Now the country's highest court, the Federal Constitutional Court of Germany or Bundesverfassungsgericht
based in Karlsruhe, has overturned that decision, questioning both the
extreme length of the sentence threatened by US authorities, and also
the inclusion of a "conspiracy" charge not compatible with German law.
The decision was made on November 20th, and details were revealed this week by news magazine Der Spiegel, which played a major part in revealing the NSA secrets leaked by Edward Snowden.
Earlier Spiegel Online reports (in German) connect Findikoğlu to massive global card heists
in late 2012 and early 2013, involving hacking of systems in India
operated by payment processing firms EnStage and ElectraCard.
In lengthy penetrations the hackers were able to doctor accounts for
prepaid debit cards, removing withdrawal limits so that a team of
carders armed with stolen PINs and cloned cards could take out large
sums in orchestrated cash-outs.
In separate swoops targeting the two companies, it's believed at
least $45 million was withdrawn from ATMs around the world, including
over 140 in New York alone.
The first heist, involving cards from the National Bank of Ras
Al-Khaima (RAKBANK), UAE, stolen in the ElectraCard hack, seems like
something of a practice run, scoring a mere $5 million in December 2012.
The second targeted the Bank of Muscat, Oman, via its partner EnStage
and scooped an epic $40 million, with 36,000 ATM transactions carried
out in the space of 10 hours in February of last year.
Several of the low-level carders and cashers have already been brought to justice, including a crew in New York, and more recently a German mother-and-son team given over four years for nabbing 168,000 Euros from ATMs in Dusseldorf.
Now it looks like one of the ringleaders is making his slow way
through the international justice system, complicated as ever by the
complexities of international law.
It's not the first time the US preference for extreme potential
sentences, usually used as leverage to assure easy guilty pleas, have
caused a snag in cybercrime extradition proceedings. Last year similar
complaints of excessive sentencing held up the extradition from Latvia of a man suspected of being behind the Gozi Trojan.
In that case the matter was swiftly resolved, and it seems likely
that this one will eventually go the same way, with a little flexibility
and understanding on both sides.
Further complicating matters is a second extradition request from Turkey for Findikoğlu, again according to Der Spiegel.
Findikoğlu also has form in these struggles, with reports
dating back to 2008 of involvement with a series of cyber thefts
including a failed heist targeting over a million stolen card numbers.
He was described at the time as "the world's number two hacker", and
was even then facing a possible 200 year sentence in the US but may have
only served a couple of years in Turkey.
In this case, should he eventually make his way to the US, he's likely to get a rather more serious sentence.
It should of course be appropriate for the scale of his crimes, but
surely most people would agree that even for a repeat offender, more
than three full lifetimes may be a little harsh.
0 comments:
Post a Comment