Police say that they have arrested the head of a computer crime collective, alleged to have stolen millions of dollars from banks around the world after infecting them with malware.
For the past five years the hacking gang has attempted to infect banks and financial institutions in more than 40 countries with malware (known as Cobalt, Carbanak, and Anunak), stealing as much as 10 million Euros in each heist and causing cumulative losses that are estimated to exceed one billion Euros (US $1.2 billion).
The gang effectively “jackpotted” ATMs. But they did so without physically meddling with cash machines.
In each attack, the hackers’ modus operandi followed a familiar formula: Bank workers would be targeted with emails claiming to come from legitimate companies, but carrying a malicious attachment. Once executed, the malware would give the remote hackers control over the compromised computer, granting them access to the bank’s internal network, and able to infect servers used to control ATMs.
The criminals could then steal money by transferring it into accounts under their control or sending commands to a specific ATM to “spit out cash” for money mules to collect at a specific time. To make it easier for large amounts of money to be stolen the hackers could adjust account balances, allowing more cash to be collected from ATMs.
The massive profits from the criminal scheme were laundered with help from cryptocurrencies – with cards linked to cryptocurrency wallets used to buy luxury cars and houses.
Now, however, the gang’s reign appears to be coming to an end, as it has been announced that an international police operation, co-ordinated by Eurpol, has brought various members of the gang to justice around the world.
Specifically, the alleged leader of the gang – one Denis K, a Ukrainian national – has been detained in Alicante by Spanish police. According to Spain’s Interior Ministry, Denis K is thought to have accumulated approximately 15,000 bitcoins (about $120 million).
Meanwhile, Ukrainian police appear to have arrested another suspect in Kiev.
According to Ukrainian police, the 30-year-old man has been an active member of the Cobalt group since 2016, developing exploits to compromise targeted systems. Authorities in Ukraine claim that the alleged hacker infected banks and hotels, stealing personal and banking information. In one instance, it is alleged that the arrested man sold approximately 140,000 stolen payment card details, earning US $1.5 million.
Ukrainian police posted photographs and a video of themselves searching the suspect’s residence, and confiscating computer equipment and flash drives. No doubt they are hopeful to not only find evidence of wrong-doing, but also to potentially collect information which might shed light on other members of the gang.
Clearly buying luxury cars and houses is not a great way to avoid drawing attention to yourself. Only time will tell if the Cobalt group has been entirely dismantled, or whether some of its members will move on to other criminal activities. One thing is for sure – with such huge amounts of money available for hackers to steal, there will be plenty of others out there who may feel tempted to try something similar.