Police have arrested the criminal mastermind behind a $1 billion cyber bank robbery
Butch Cassidy, Baby Face Nelson, Bonnie & Clyde. These infamous criminals have managed to get their names in the history books thanks to their audacious bank robberies, often making off with vast supplies of cash in high-stakes heists. Ever since the golden age of the stickup artist during the Great Depression, the bank robber has become a semi-romanticised figure in popular culture, and who doesn't love a good heist movie?
But banks and the police have only become savvier over the years. Thanks to advances in technology and security systems, breaking into a vault is harder than ever. In the 21st century, criminals have had to adapt and evolve. The modern-day bank robber is far more likely to be a computer nerd, capable of hacking into accounts and embezzling corporate funds, than a thug brandishing an assault rifle. These days, bank robbers don't even need to enter the bank they intend to steal from, and can digitally purloin a fortune from thousands of miles away.
One notorious cybercriminal group, the Carbanak gang, is responsible for the theft of over $1 billion from various banks around the world. Since 2013, the gang has targeted more than 100 financial institutions in more than 40 countries including the United Kingdom, Spain and Russia.
The syndicate allegedly gets its name from the malware it used to access banking systems and was at one point based in Ukraine. They employed a variety of ingenious methods to steal with impunity. The group reportedly made millions in 2015 by hacking and reprogramming Ukrainian ATMs, which began "spontaneously" spitting out large wads of bank notes, which mules dutifully picked up.
The Carbanak gang also hacked into bank systems to nefariously transfer cash out of the accounts of unsuspecting clients and into their own pockets, then altered databases and other records to cover their tracks. The fraud got even harder to detect when the group became even more sneaky: they would artificially inflate cash resting in certain savings accounts, then transfer the money they skimmed off this fake interest into their own account. One particular European financial group allegedly lost $10 million after its online banking app was exploited by the group.
But there is good news. Authorities have been tracking the exploits of the syndicate, and managed to arrest the man they assume to be the mastermind of the group. This anonymous individual is responsible for the missing billion and sits at the centre of a sprawling web of vice and thievery. On March 6, 2018, around 20 police officers raided a house in the city of Alicante, Spain. There they arrested a Ukrainian man named by Spain's Interior Ministry as "Denis K" - the Professor Moriarty figurehead leading the Carbanak gang. The investigation and the arrest were the result of a complex collaboration between the FBI, Moldovan, Belarusian and Taiwanese authorities, among others.
Commenting on the decisive arrest, the head of operations at Europol's European Cybercrime Centre, Fernando Ruiz, said: "This is something we have been waiting for for a long time... We consider this as one of the most important arrests in the last years because this person, arrested in Spain, was the person actually coding the malware... This person was technically excellent, he was able to identify vulnerabilities and code the malware to exploit these vulnerabilities. There are not many criminals with this knowledge, with this capacity to develop this kind of malware."
Ruiz says that the authorities were able to track Denis K to his Spanish hideout through transactions made via Taiwan and Belarus. He added: "These were one of the typical ATM network attacks in Taiwan. They got access to the network in Taiwan and cashed out the money to mules. The police were able to arrest a number of these mules so we started to co-operate with Taiwan to see where this was coming from. This was an important element as this led to a group in Belarus and there we were able to connect this target. We were able to connect Taiwan, Belarus and Spain through the information exchanged with partners."
The group's covert activities were first spotted by Russian security company Kaspersky, whose principal security researcher Sergey Golovanov exposed their schemes in a 2015 report entitled: "Carbanak APT: The Great Bank Robbery." In it, Golovanov concludes that: "Carbanak is a remote backdoor (initially based on Carberp), designed for espionage, data exfiltration and to provide remote access to infected machines. Once access is achieved, attackers perform a manual reconnaissance of the victim’s networks... There will be hundreds of people [involved]. Dozens of people that are working 27/4, that would be the real scale of the Carbanak group."
Kaspersky's original report states that the gang's malware breached banks' security systems via phishing emails carrying attachments that could exploit vulnerabilities within Microsoft Word and Office to open a backdoor into the bank's intranet. From there, the attackers were free to conduct surveillance and replicate transactions within the networks of financial groups, and to remotely control the victims’ infected machines, giving them access to the servers controlling the ATMs.
Denis K owned 15,000 Bitcoin, lived with his wife and son, and drove two BMWs at the time of his arrest. Investigators are now examining the computers and other electronic devices found in his home to acquire further evidence of his crimes. Europol has not as yet made public the evidence it currently holds that Denis K is indeed responsible. The Carbanak gang allegedly operated in a similar way to the Russian hackers who managed to successfully influence the US election, and it is hoped that this arrest will lead to the group ultimately dissolving itself. It just goes to show that even though criminals are operating differently these days, the police are just as well-equipped to catch up with them.