A pair of Moldovan brothers were arrested Wednesday in Frenso, Calif. on charges stemming from a cyber scheme that bilked people and businesses of millions of dollars redirected to prepaid cards and eventually bank accounts, according to cyber security blog Krebs On Security.

Adrian Baltaga, 25, and Gheorghe Baltaga, 26, allegedly ripped off the login credentials of Fidelity Investments customers and then siphoned off cash through ACH payments.

In the complicated heist, Krebs cites documents that say the brothers used prepaid cards to buy money orders (from Money Gram and the Postal Service) that were eventually deposited into their own bank accounts.

The Baltaga brothers then used regular debit cards to withdraw that money from their accounts.

According to interviews with investigators, the Baltaga indictments (PDF) reveal surprisingly little about the extent of the cybercrimes that investigators believe these men committed. For example, sources familiar with the investigation say the Baltaga brothers were involved in a 2012 cyberheist against a Maryland title company that was robbed of $1.7 million.

The brothers, Krebs says, were charged with a litany of crimes, including wire fraud and conspiracy to commit bank fraud and wire fraud.