Europol has arrested the ringleader of a gang responsible for stealing over 1 billion EUR from more than 100 banks in 40 countries. The stolen money was converted to cryptocurrency for laundering, according to a Europol press release.
The hacks began in 2013 and became increasingly sophisticated over time as the gang upgraded its malware. The first iteration was called Anunak, in 2014 it was upgraded to Carbanak and in 2016 the gang switched to using a modified security programme called Cobalt Strike.
The viruses allowed the gang to control computers remotely. Legitimate-looking emails containing the virus were sent to bank employees and if one was downloaded the malware would spread, allowing the perpetrators access to bank’s systems. The perpetrators would then steal money in one of three different ways:
1. ATMs were programmed to spit out cash, which was collected by gang members.
2. Customer bank accounts were inflated, and gang members would withdraw the difference in cash from an ATM.
3. Money was simply transferred electronically to the perpetrators’ accounts.
Sergey Golovanov, a security researcher for cybersecurity firm Kaspersky, said: “It was a very slick and professional cyber-robbery.”
According to the press release, the stolen money was then converted to cryptocurrency: “The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses.”
Europol does not specify which cryptocurrency was used, although it does display a Bitcoin logo in an infographic depicting the operation.
A report in Fortune points out that the amount stolen must be considerably more than 1 billion EUR; cyber-security firm Kaspersky reported on the gang more than three years ago, which at that point had stolen more than 1 billion USD. A spokesperson from the European Banking Federation confirmed this.
The leader of the gang, not yet named, was arrested in Alicante, Spain, after a major operation involving Europol, the FBI, Romanian, Belarussian and Taiwanese authorities and private cybersecurity firms. Steven Wilson, Head of Europol’s European Cybercrime Centre, said: “This global operation is a significant success for international police cooperation against a top level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity.”