Cyber Banking Mastermind Arrested By Police In Spain

European police have potentially landed a hugely important victory in their fight against cyber criminal gangs targetting the banking industry.

It comes after the leader of the crime gang behind the Carbanak and Cobalt malware attacks that had targetted over a 100 financial institutions worldwide was arrested in Alicante, Spain.

Cyber attacks against financial institutions can be profitable – for a while at least. In December for example, Moscow-based computer security firm Group-IB identified a gang of cyber-thieves called MoneyTaker as stealing around $10 million (£7.5m) in a string of heists that targeted a number of banks.

Mastermind arrest

But now Europol has said that it has arrested the mastermind of the criminal gang “after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies.”

This gang has been operating since 2013, and they have attacked banks, e-payment systems and financial institutions using pieces of malware they designed (Carbanak and Cobalt).

They are thought to be responsible for the loss of over 1 billion euros (£870m) for the financial industry, as the Cobalt malware alone allowed criminals to steal up to 10 million euros (£8.7m) per heist.

When the gang first started in 2013, they used the Anunak malware campaign that targeted financial transfers and ATM networks of financial institutions around the world.

“By the following year, the same coders improved the Anunak malware into a more sophisticated version, known as Carbanak, which was used in until 2016,” Europol said. “From then onwards, the crime syndicate focused their efforts into developing an even more sophisticated wave of attacks by using tailor-made malware based on the Cobalt Strike penetration testing software.”

Essentially, all these attacks would follow a familiar pattern.

First the gang would send banking staff spear phishing emails with a malicious attachments impersonating legitimate companies. When these attachments were downloaded, the criminal gang gains remote control of the victims’ infected machines.

This gave them access to the internal banking network and allowed them to infect the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money.

In late 2016 for example, a cyber-crime gang tricked automatic teller machines in at least a dozen European countries, including the UK, into spewing out cash.

The same technique was also used to remove cash from ATMs in Taiwan and Thailand.

Co-operative takedown

“This global operation is a significant success for international police cooperation against a top level cybercriminal organisation,” said Steven Wilson, head of Europol’s European Cybercrime Centre (EC3).

“The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity,” said Wilson. “This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality.”

“This is the first time that the EBF has actively cooperated with Europol on a specific investigation,” said Wim Mijs, CEO of the European Banking Federation. “Public-private cooperation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang.”

Whilst the arrest of this alleged criminal mastermind is a welcome development, the scary thing for most people is the worry that British banks are dramatically under-reporting computer attacks due to their fear of bad publicity.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

2 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

2 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

2 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

2 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

2 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

2 days ago