"...if they are smart they had a contingency plan, hide a million or two in a hole in the ground, and will only serve a handful of years in jail..."
Let's assume high and say $2MN dollars is successfully hidden. Let's say they get 5 years in jail. There were 8 of them. 2MN/8 = $250,000. $250,000/5 = $50,000.
Good job, guys! You went to jail for 5 years for $50,000 per year, which is what a mid-level IT tech makes. You also guaranteed yourselves a lifetime of being watched by government agencies the world over.
Now, I don't know how many people were just foot soldiers and how many were involved in the technical side of the hack, but say instead of ripping off a bank, you used your what seems to be considerable insight into security flaws to start a security firm and make a lot more money, legitimately. Just not as exciting, I suppose. Good grief, just informing RBS about this hack would have netted you a fat, LEGAL payday. Or, you could have contacted their current security firm, told THEM about the hack, they pay you quietly under the table, then get to look like heroes when they show RBS what they found. There were a lot of ways to use this to your advantage.
I work with a lot of former eastern bloc nationals, and it never ceases to amaze me how much 'ripping off the system' is ingrained into their mentalities. Some of the world's best programming talent comes from that region, and the majority seem inclined to use it for nefarious purposes.
We had to fire what was probably the best technician our company ever had, a Bulgarian, because instead of using his abilities to improve our company's network, he used it to to hack the company firewall and phone switch, and sell Internet access and long distance to people. He probably made a few thousand dollars, but lost a job that paid $72,000, which is a fortune in Bulgaria.