Cops Track Down 'Mastermind' Behind Theft of Millions from Malware-Infected Cash Machines

By Sidney Fussell on at

In a series of targeted malware attacks that began in 2013, a “cybercrime gang” of hackers stole over a billion euros (about £880 million) from banks worldwide. The European Union Agency for Law Enforcement Cooperation (Europol) announced today that they’d arrested the gang’s apparent leader in Spain. In a statement, Europol officials say they coordinated with law enforcement agencies across the globe, including the FBI, the European Banking Federation, and police in Spain, Romania, Belarus, and Taiwan.

The Carbanak group, alternatively known as Anunak or Cobalt, attacked over 100 banks in 40 different countries using complex malware schemes that took over banks. In an infographic, Europol described how the group pulled off the sophisticated heists. (Of course, it started with emails.)

First, bank employees were sent phishing emails that infected their machines with malware. The malware spread to the bank’s servers and eventually cash machines, which were then programmed to spit out cash at pre-determined times. With control of the servers and cash machines, money was cashed out in three different ways. Members of the group waited to scoop up the cash being spit out by the machines, and money from the banks was wired into criminal accounts. The group also compromised databases with account information by inflating account balances, then skimming off the difference for themselves before anyone noticed. Europol says with each heist the group stole upwards of €10 million (or about £8.75 million). According to Europol’s press release, the money was “also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses.”

Police have not named the person they’ve arrested; however, securities experts found Anunak had ties to both Russia and the Ukraine in 2014. [Fortune]

More Crime Posts: