The mastermind allegedly behind a cybercrime gang that stole more than €1bn from 100 financial institutions, has been arrest in Spain.
The gang attacked banks in more than 40 countries with malware known as Cobalt.
They diverted the stolen money into bank accounts and laundered it through cryptocurrencies, Europol said.
Spain’s cybercrime chief Rafael Pérez said the country arrested a suspect identified only as Ukrainian national Denis K.
“The arrest of the key figure in this crime group illustrates that cyber-criminals can no longer hide behind perceived international anonymity,” added Europol’s cybercrime boss Steven Wilson.
Europol had been hunting the cyber thieves since 2016 with help from the European Banking Federation and law enforcement agencies from the US, Romania, Taiwan and others. Private companies also assisted the authorities.
€500m of Fraudulent Extractions
The gang had attacked ATMs in the center of Madrid in 2017 and made fraudulent extractions worth €500m, said the Spanish interior ministry.
The ministry added that they had seized from Denis K’s house in Alicante, extensive computer equipment, jewelry valued at €500,000 and two luxury cars.
“Phishing Emails” Used
The gang sent “spear phishing” emails disguised as being from international bank organizations, to bank employees.
The emails included links to fake websites that downloaded malicious software onto the bank workers’ computers.
That allowed the gang to hack into computers controlling an ATM network and change the withdrawal limits on accounts in order to take out large amounts of cash.
Another tactic used by the gang was “jackpotting” — ordering cash machines to withdraw money at set times for collection by “money mules” working for the gang.
They also manipulated bank databases to inflate bank balances before withdrawing the money.
Gang Laundered Cash Using Bitcoin
“The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses,” Europol said, including bitcoin and litecoin.
Europol said the savvy hackers limited the value of their cyber-attacks to fewer than €10m, a threshold for banks to report an incident to law enforcement authorities.
Europol added that it was still working to track down the stolen money and find the coders, “mules” and money launders who worked for the cybercrime gang.
“This is the first time that the EBF has actively co-operated with Europol on a specific investigation,” said Wim Mijs, chief executive of the European Banking Federation.
“Public-private co-operation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang.”