Go to an ATM at the right place, at the right time, and you could be collecting a whole lot of free money. Over $1.25 billion has been spewed out by cash machines, in over 40 countries, since 2013.

Some ordinary people will have been offered cash by these ATMs, for no apparent reason. But the majority was collected by criminal gangs. In fact, it was just one criminal gang, known as Carbanak.

Carbanak is responsible for what must be, by far, the biggest bank heist in history. The fact is, no one actually knows how much money it has stolen altogether.

A 2015 report by Kaspersky Lab put the figure at around $1.25 billion. That was before Carbanak developed its most sophisticated techniques, which it continued to operate until its alleged mastermind was recently caught. This was such a big operation that it is unlikely any one person was in charge, and doubtful that such a mastermind would be as stupid with their money as the alleged mastermind was.

So, there is every chance Carbanak is still taking billions from banks, all around the world.

Software that does bad things is known as “malware”, as in malicious software. The particular malware the robbers used was called Carbanak, hence the name the gang was given. Carbanak was likely downloaded, as most viruses are, from an email attachment.

An email designed to look like it was coming from another employee would have been sent to bank employees, with an attached Word document containing the malware. This is why it is important to keep all your software updated. Most of the time, updates are patches for known security holes in the program.

The WannaCry attack was so successful in the UK because most of our institutions are inept with computers. So inept that many of them, including most of the NHS, kept their systems running on Windows XP. Windows XP is decades old and no longer receives security updates. WannaCry had no effect on up-to-date systems.

The Carbanak malware, once “in” the bank’s system, replicated and infected more computers. It allowed the hackers to see what was happening on infected computers’ screens, so they could learn what real transactions and money movements looked like. The hackers then used their malware to take control of the system and fake real transactions: they created extra money and then got cash machines to release it.

They had a network of money mules who were told which cash machines to wait at and when. Then these mules just collected the free money. The money was then laundered – much of it through bitcoin.

Europol has made a fun infographic explaining it all, which you can see below.

The person caught was probably not the mastermind, but seemingly definitely involved, and likely one of the main coders of the malware.

As Wired reports, the key to tracking the man down to his Alicante home was through Taiwan and Belarus. A report from Europol and security company Trend Micro published last year details how both countries saw ATMs dispensing cash to mules.

The report says $2.5m (£1.78m) was stolen from 41 Wincor Nixdorf ATMs operated by First Commercial Bank in Taiwan during July 2016 “without using cash cards or even touching the PIN pads”. After the attack, arrests were made and malware was found within the bank’s system. This was one of the typical ATM network attacks in Taiwan. They got access to the network in Taiwan and cashed out the money to mules.
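Two of the behaviours described above leave traces a bank can reconcile against: balances that grow without any posted transaction behind them (the "extra money" created in the core system), and ATM dispense events with no card read or PIN entry in the same session. The script below is an added illustration of those two checks, not code from the article, Europol or any vendor; the journal field names, event names, account numbers and amounts are all constructed, and no real ATM or core-banking log format is assumed.

```python
"""Defender-side reconciliation checks for the two Carbanak patterns in the
article: inflated balances with no matching transactions, and ATM cash
dispensed without card or PIN interaction.  Every log line and ledger
entry below is constructed sample data (assumed format, not a real one)."""

from collections import defaultdict

# Constructed ATM journal, one pipe-separated event per line.
# Fields (assumed): timestamp | atm_id | session_id | event | amount
ATM_JOURNAL = """\
2016-07-10T02:15:01|ATM-TW-017|s1|CARD_READ|0
2016-07-10T02:15:09|ATM-TW-017|s1|PIN_OK|0
2016-07-10T02:15:20|ATM-TW-017|s1|DISPENSE|20000
2016-07-10T03:40:02|ATM-TW-023|s2|DISPENSE|60000
2016-07-10T03:40:55|ATM-TW-023|s3|DISPENSE|60000
2016-07-10T04:01:00|ATM-TW-041|s4|CARD_READ|0
2016-07-10T04:01:30|ATM-TW-041|s4|DISPENSE|5000
"""


def parse_journal(text):
    """Parse the constructed journal into a list of event dicts (time order)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, atm, session, event, amount = line.split("|")
        events.append({"ts": ts, "atm": atm, "session": session,
                       "event": event, "amount": int(amount)})
    return events


def unauthorised_dispenses(events):
    """Return (atm, session, amount) for every DISPENSE that was not
    preceded, in the same ATM session, by both CARD_READ and PIN_OK.
    A dispense with neither is the 'no card, no PIN' cash-out pattern."""
    seen = defaultdict(set)          # (atm, session) -> auth events seen so far
    flagged = []
    for e in events:                 # journal is already in time order
        key = (e["atm"], e["session"])
        if e["event"] in ("CARD_READ", "PIN_OK"):
            seen[key].add(e["event"])
        elif e["event"] == "DISPENSE":
            if not {"CARD_READ", "PIN_OK"} <= seen[key]:
                flagged.append((e["atm"], e["session"], e["amount"]))
    return flagged


# Constructed core-banking data: opening balance snapshot, the day's posted
# transactions, and the closing balance snapshot.  ACC-1002 gains 10,000
# with no posted transaction to explain it.
OPENING = {"ACC-1001": 1000, "ACC-1002": 250, "ACC-1003": 4000}
POSTED = [("ACC-1001", -200), ("ACC-1001", 50), ("ACC-1003", -1000)]
CLOSING = {"ACC-1001": 850, "ACC-1002": 10250, "ACC-1003": 3000}


def unexplained_balance_changes(opening, posted, closing):
    """Return {account: delta} for accounts whose closing balance differs
    from opening + sum(posted transactions).  A positive delta is money
    that appeared without a transaction record."""
    expected = dict(opening)
    for acc, amt in posted:
        expected[acc] = expected.get(acc, 0) + amt
    drift = {}
    for acc in set(opening) | set(closing):
        delta = closing.get(acc, 0) - expected.get(acc, 0)
        if delta != 0:
            drift[acc] = delta
    return drift


if __name__ == "__main__":
    for atm, session, amount in unauthorised_dispenses(parse_journal(ATM_JOURNAL)):
        print(f"dispense without card+PIN: {atm} session {session} amount {amount}")
    for acc, delta in unexplained_balance_changes(OPENING, POSTED, CLOSING).items():
        print(f"balance drift with no transaction: {acc} {delta:+}")
```

Both checks are deliberately independent of each other and of any attacker tooling: they compare two records the bank already holds (the ATM's own journal, and the ledger's snapshots versus its posted transactions). In the sample data, three dispenses and one account are flagged; in a real estate the same logic would be run continuously, and either alert on its own is worth an incident.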

The police were able to arrest a number of these mules so we started to co-operate with Taiwan to see where this was coming from. This led to a group in Belarus and from there we were able to connect this target. We were able to connect Taiwan, Belarus and Spain through the information exchanged with partners.

Europol says “criminal profits” were laundered via cryptocurrencies. “Prepaid cards linked the cryptocurrency wallets which were used to buy goods such as luxury cars and houses,” the international agency said in its statement.

A report in El Mundo, Spain’s second-largest newspaper, claims Denis K [the mastermind] owned 15,000 bitcoins (currently valued at around £84m) at the time of his arrest. Catalan newspaper El Periódico de Catalunya reported that the arrested man lived with his wife and son, drove two BMWs and had jewellery valued at €500,000 within the home. If you have ever seen any crime film or TV show ever, you will know that flashing your cash is not a very good plan. Yet this mastermind had two BMWs and half a million euros’ worth of jewellery.

Europol also don’t give any information about how they actually tracked him down. I very much doubt the mules would have known anything about anyone near the top of Carbanak.

While this is the biggest bank robbery of all time, affecting multiple banking institutions in many different countries, it did not get much press. Not while it was all going on, not at the time of the mastermind’s arrest, and not much since. In fact, it is very hard to find out which banks were actually affected.

This is because cybercrime is very, very bad business for banks. Banks rely on their customers trusting that they will keep their money safe. If you knew your bank had lost millions of its customers’ money to hackers, how would you feel? Would you really trust it to keep your money safe? No. Most banks and big businesses that do get hacked keep it quiet. The banks will have simply reimbursed any accounts that were affected and said nothing.

We only hear about these hacking stories when they affect customers’ records, so the institutions are forced to tell us. Otherwise, it’s all kept as quiet as possible. Even GDPR will keep the status quo on this situation unless customer records are implicated in the breach.

Groups like Carbanak are operating all over the world, 24 hours a day. It’s just that we rarely hear about them.

Author: Norman Frankel, Chairman, iCyber-Security
