LOS ANGELES – The fifth and final defendant charged with using credit and debit cards obtained from a series of cyberattacks on U.S. companies that resulted in an estimated $5 million in losses – and caused one victim company to go out of business – has pleaded guilty to federal fraud charges.
Irina Fedoseeva, 33, a Russian national who resides in the Koreatown District of Los Angeles, pleaded guilty yesterday afternoon to conspiracy to use unauthorized credit and debit cards and admitted causing more than $225,000 in losses.
In a plea agreement filed in United States District Court, Fedoseeva admitted to helping make fraudulent purchases with debit cards obtained as a result of cyberattacks on two healthcare administrators in December 2015 and February 2016.
After helping a co-defendant make unauthorized purchases from retail stores that included Apple and Best Buy, Fedoseeva resold the merchandise on the internet.
Four other defendants previously pleaded guilty to federal fraud charges for their roles in the computer attacks.
Timur Safin, 29, of Burbank; Dmitry Fedoseev, 34, of Koreatown; and Kristina Gerasimova, 22, of the Miracle Mile District of Los Angeles, all of whom are Russian nationals, each pleaded guilty on March 20 to aggravated identity theft and debit/credit card fraud.
The fifth defendant charged as a result of this investigation – Siarhei Patapau, 26, of the Miracle Mile District of Los Angeles, a native of Belarus – pleaded guilty on March 6 to similar felony charges.
All five defendants pleaded guilty before United States District Judge Stephen V. Wilson, who is scheduled to sentence the defendants during hearings scheduled in June and September.
According to court documents filed in two separate cases, the five defendants conspired with computer hackers, some of whom are believed to be in Russia. The hackers staged attacks that included:
- a July 2014 intrusion into an airline’s computer system in which the hackers funded pre-paid credit cards in the amount of $900,000;
- a December 2015 hack into the system of a healthcare administrator that allowed the cybercriminals to reactivate a dormant dependent care account and order the production of numerous debit cards that were used to make approximately $550,000 in fraudulent purchases; and
- a February 2016 attack on another healthcare administrator that allowed the intruders to order the production of debit cards linked to reactivated accounts that were used to make approximately $3.5 million in fraudulent purchases.
The computer hackers directed the pilfered debit and credit cards to be sent to the five defendants charged in Los Angeles and other co-conspirators. Members of the conspiracy then used the unauthorized cards to make cash withdrawals, purchase money orders and make purchases at retail outlets such as Apple, Best Buy, Home Depot and Target.
For example, Safin admitted in court that he used a number of the pre-paid credit cards to withdraw approximately $5,074 at ATMs throughout Los Angeles County and to purchase money orders totaling $19,420. He used debit cards obtained from the healthcare administrators to make at least $225,000 in fraudulent purchases.
When they were arrested last year, Fedoseev was in the possession of more than 519 unauthorized credit, debit and gift cards, and Patapau was found with approximately 525 credit and debit cards in other people’s names.
As a result of their guilty pleas, Patapau, Safin and Fedoseev each face a statutory maximum sentence of 12 years in federal prison when they are sentenced by Judge Wilson. Gerasimova faces a statutory maximum sentence of seven years, and Fedoseeva faces a statutory maximum sentence of five years.
The investigation that led to the two cases filed in Los Angeles was conducted by the Federal Bureau of Investigation.
The two criminal cases are being prosecuted by Assistant United States Attorneys Bryant Yang and Eric Tung of the General Crimes Section.