ATM hacker behind $1 billion malware heists arrested in Spain

In a joint operation, Europol, along with law enforcement authorities from Belarus, Romania and Taiwan, the Spanish Police and the Federal Bureau of Investigation (FBI), has arrested an ATM hacker who was the mastermind behind large-scale cyber attacks against hundreds of banking and financial institutions around the world.


The ATM hacker, who has not been named yet, led a group of highly sophisticated cybercriminals who stole billions of Euros ($1.2 billion) by infecting banking infrastructure with the Carbanak, Cobalt and Anunak malware.

The group was identified in 2013 by Russian cybersecurity giant Kaspersky Lab, which noted that Carbanak is an APT-style (advanced persistent threat) campaign targeting (but not limited to) financial institutions in 40 different countries.

Infographic shared by Europol showing how the group worked

The group attacked banks by using phishing attacks against their employees. Once the employees' computers were infected, the malware allowed the hackers to remotely take over systems, including those controlling ATMs, which were then made to spit out cash for the group.

According to a press release by Europol, the group used three different methods of stealing money from the targeted banks:

1. One of the cybercriminals would physically wait outside the targeted ATM and collect the money at a pre-determined time.

2. They used the e-payment network to transfer stolen money into their own bank accounts.

3. The group also compromised banking databases containing account information, modified the existing balances and stole the original amounts without raising any suspicion.

The group also laundered the money via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets, which were used to buy goods such as luxury cars and houses, until their criminal activities came onto Europol’s radar and the arrest was made in Spain.

“This is the first time that the European Banking Federation (EBF) has actively cooperated with Europol on a specific investigation. It clearly goes beyond raising awareness on cybersecurity and demonstrates the value of our partnership with the cybercrime specialists at Europol. Public-private cooperation is essential when it comes to effectively fighting digital cross-border crimes like the one that we are seeing here with the Carbanak gang,” said EBF’s Chief Executive Officer Wim Mijs.

Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), said: “This global operation is a significant success for international police cooperation against a top-level cybercriminal organization. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity.”

“This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top-level cyber criminality.”



Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cybersecurity and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.