Billion Dollar Cyber Crime Chief Finally Caught

John Lister's picture

A man has been arrested for allegedly stealing more than a billion dollars in cyber attacks. The tactics were so outlandish, they almost sounded like the words used by Richard Pryor's character in Superman III.

The unnamed man was arrested in Spain after an investigation that involved officials from six countries on three continents plus private cyber security firms. The man is alleged to have led a gang that attacked more than 100 banks and other financial institutions around the world.

The gang has been operating for at least three years using three forms of malware, known as Anunak, Carbanak and Cobalt Strike. The last of these was customized from legitimate software designed to test security on computer networks.

Phishing Emails Breached Networks

The attacks started with phishing scams where bank employees were targeted with bogus emails that contained attachments. Once opened, these attachments installed the malware, spread across a bank's network, and then infected the computers that controlled ATMs.

The gang then exploited the malware in three increasingly jaw dropping ways. At the simplest, they accessed electronic payment networks and simply transferred the bank's own money to their accounts.

At the next level, they accessed the databases that keep track of customer bank balances. They then increased the listed balance before immediately withdrawing cash from ATMS. (Source:

ATMs Spat Out Bills

The most audacious method, however, was to gain control of the ATMs themselves and force them to eject cash as if somebody was making a withdrawal. Other gang members were waiting by the machines to grab the money and flee.

The money was then used to buy units of virtual "cryptocurrencies" before being turned back into traditional cash balances on cards. Once that was complete, they used the money to buy cars and houses, making it harder to trace the culprits.

Some of the gang's operations collected more than €10 million (US $12.3 million). Altogether the gang is believed to have raked in more than a billion euros (US $1.23 billion) across 40 countries. (Source:

What's Your Opinion?

Are you surprised the gang was able to pull off such outlandish thefts for so long? Do the banks bear any responsibility for the security holes? Should financial institutions ban the receipt of external emails on internal network computers?

Rate this article: 
Average: 5 (5 votes)


Dennis Faas's picture

This cyber crime team must have been really good at accounting to be able to pull off such feats for 3 entire years. Balances need to "check", so I am not sure how they were able to pull this off for so long without an internal alarm going off. At any rate I'm glad they were caught. Let's hope the same efforts can be put forth to catching the cyber crooks in India that scam people out of billions each year!

Stuart Berg's picture

I don't know if it is still true, but up until a year or so ago most ATMs were still using Windows XP. That may have facilitated the schemes you described.

PseudoGeek's picture

Your bank's ATMs use Windows XP??? Wow. I think my bank uses DOS Version 4 on a 286 processor.

ifopackets_10683's picture

Comment about XP, By odd luck I was in my bank today and joked about that exact question.
They said they were not. Besides that was Win-XP Embedded. And the support was longer than the rest of XP. AND if the banks wanted to use the machines after the Official End of Life of that version they could always pay ton$ of ca$h and buy longer $upport.

kevinb478's picture

I know for a fact that the ATM machine where I work that is owned by a local band still has windows XP running on the ATM machine but who knows how many ATM's that this bank owns or other local banks around here are still running outdated windows software in them and I have seen where thieves have installed fake card readers on ATM machines and fuel pump card readers and have also installed wireless devices inside fuel pumps to read someone's credit card information and was able to get their card info just by a wireless connection and sitting in their vehicle a few feet away with their laptop some other computer device like maybe an I-PAD

ifopackets_10683's picture

About card readers and gas pumps. I use a Sunoco Card good only at their own places.
They and my regular CC company e-mail me the minute something is added to my cards.

PS: I guess my ad blocker is forcing replies into being new messages instead of replies?