LOS ANGELES – The fifth and final defendant charged with using credit and debit cards obtained from a series of cyberattacks on U.S. companies that resulted in an estimated $5 million in losses – and caused one victim company to go out of business – was sentenced today to 33 months in federal prison.

Dmitry Fedoseev, 34, a Russian national who resides in Koreatown, was sentenced after pleading guilty in March to possession of unauthorized access devices (credits cards and debit cards) and aggravated identity theft.

Fedoseev was sentenced today by United States District Judge Stephen V. Wilson.

Three other Russian nationals and another Eastern European immigrant who monetized the information obtained from the cyberattacks by making fraudulent purchases, selling the purchased goods and transferring money to others involved in the fraudulent scheme were previously sentenced to federal prison. They are:

· Siarhei Patapau, 26, of the Miracle Mile District of Los Angeles, a native of Belarus, who was sentenced to 30 months in prison;

· Timur Safin, 29, of Burbank, who was sentenced to three years;

· Kristina Gerasimova, 22, of the Miracle Mile District of Los Angeles, who was sentenced to one year and one day in prison; and

· Fedoseev's ex-wife, Irina Fedoseeva, 33, who was sentenced to 14 months.

All five defendants admitted to helping make fraudulent purchases with credit and debit cards obtained as a result of cyberattacks on two healthcare administrators in December 2015 and February 2016. Due to their federal felony convictions, all five defendants have or will be deported from the United States.

According to court documents filed in two separate cases, the five defendants conspired with computer hackers, some of whom are believed to be in Russia. The hackers staged attacks that included:

· a July 2014 intrusion into an airline's computer system in which the hackers fraudulently funded pre-paid credit cards in the amount of $900,000;

· a December 2015 hack into the system of a healthcare administrator that allowed the cybercriminals to reactivate a dormant dependent care account and order the production of numerous debit cards that were used to make approximately $550,000 in fraudulent purchases; and

· a February 2016 attack on another healthcare administrator that allowed the intruders to order the production of debit cards linked to reactivated accounts that were used to make approximately $3.5 million in fraudulent purchases.

The computer hackers directed the pilfered debit and credit cards to be sent to the five defendants charged in Los Angeles and other co-conspirators. Members of the conspiracy then used the unauthorized cards to make cash withdrawals, purchase money orders and make purchases at retail outlets such as Apple, Best Buy, Home Depot and Target.

For example, Safin admitted in court that he used a number of the pre-paid credit cards to withdraw approximately $5,074 at ATMs throughout Los Angeles County and to purchase money orders totaling $19,420. He used debit cards obtained from the healthcare administrators to make at least $225,000 in fraudulent purchases.

When they were arrested last year, Fedoseev and Fedoseeva possessed more than 519 unauthorized credit, debit and gift cards and $29,300 in cash. Patapau was found with approximately 525 credit and debit cards in other people's names.

The investigation that led to the two cases filed in Los Angeles was conducted by the Federal Bureau of Investigation.

The two criminal cases are being prosecuted by Assistant United States Attorney Bryant Yang of the Organized Crime Drug Enforcement Task Force.

Component(s): USAO – California, Central

Press Release Number: 17-161     Updated September 11, 2017

Central District of California DOJ / 17-161 / September 11, 2017