Cyber Banking Mastermind Arrested By Police In Spain

European police have potentially landed a hugely important victory in their fight against cyber criminal gangs targeting the banking industry.

It comes after the leader of the crime gang behind the Carbanak and Cobalt malware attacks, which had targeted over 100 financial institutions worldwide, was arrested in Alicante, Spain.

Cyber attacks against financial institutions can be profitable – for a while at least. In December for example, Moscow-based computer security firm Group-IB identified a gang of cyber-thieves called MoneyTaker as stealing around $10 million (£7.5m) in a string of heists that targeted a number of banks.

Mastermind arrest

But now Europol has said that it has arrested the mastermind of the criminal gang “after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies.”

This gang has been operating since 2013, and they have attacked banks, e-payment systems and financial institutions using pieces of malware they designed (Carbanak and Cobalt).

They are thought to be responsible for the loss of over 1 billion euros (£870m) for the financial industry, as the Cobalt malware alone allowed criminals to steal up to 10 million euros (£8.7m) per heist.

When the gang first started in 2013, they used the Anunak malware campaign that targeted financial transfers and ATM networks of financial institutions around the world.

“By the following year, the same coders improved the Anunak malware into a more sophisticated version, known as Carbanak, which was used until 2016,” Europol said. “From then onwards, the crime syndicate focused their efforts into developing an even more sophisticated wave of attacks by using tailor-made malware based on the Cobalt Strike penetration testing software.”

Essentially, all these attacks would follow a familiar pattern.

First, the gang would send banking staff spear phishing emails with malicious attachments impersonating legitimate companies. When these attachments were downloaded, the criminal gang gained remote control of the victims’ infected machines.

This gave them access to the internal banking network and allowed them to infect the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money.

In late 2016 for example, a cyber-crime gang tricked automatic teller machines in at least a dozen European countries, including the UK, into spewing out cash.

The same technique was also used to remove cash from ATMs in Taiwan and Thailand.

Co-operative takedown

“This global operation is a significant success for international police cooperation against a top level cybercriminal organisation,” said Steven Wilson, head of Europol’s European Cybercrime Centre (EC3).

“The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity,” said Wilson. “This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality.”

“This is the first time that the EBF has actively cooperated with Europol on a specific investigation,” said Wim Mijs, CEO of the European Banking Federation. “Public-private cooperation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang.”

Whilst the arrest of this alleged criminal mastermind is a welcome development, the scary thing for most people is the worry that British banks are dramatically under-reporting computer attacks due to their fear of bad publicity.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
