Alleged mastermind behind EUR 1 billion cyber and laundering scam arrested
12 Apr 2018

The crime boss of a gang targeting over 100 financial institutions worldwide and costing the financial industry an estimated EUR 1 billion in cumulative losses, has been arrested, say authorities.

The criminal profits were also laundered via cryptocurrencies, Europol said, using prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses.

The gang targeted banks, e-payment systems and financial institutions using pieces of malware they designed, known as Carbanak and Cobalt.

The Cobalt malware alone is understood to have allowed criminals to steal up to EUR 10 million per heist.

The arrest was made following an investigation by Spanish police, with the support of Europol, the US FBI and other enforcement agencies.

Steven Wilson, head of Europol’s European Cybercrime Centre (EC3), said: “The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity.”

The group has been in operation since 2013, launching the Anunak malware campaign that targeted financial transfers and ATM networks of banks.

They then changed the Anunak malware into a more sophisticated version, known as Carbanak, which was used in until 2016, and from there, went on to use tailor-made malware based on the Cobalt Strike penetration testing software.

“The criminals would send out to bank employees spear phishing emails with a malicious attachment impersonating legitimate companies,” Europol explained.

“Once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money.”

Wim Mijs, Chief Executive Office of the European Banking Federation, said: “This is the first time that the EBF has actively cooperated with Europol on a specific investigation.

“Public-private cooperation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang.”

Read more:

UK: Gang laundered cash from fraud victims through bank accounts

Chinese money launderers paid £1.8m into London banks

EU Sixth Anti-Money Laundering Directive (6AMLD) – Expert analysis of new EU measures

Advance your CPD minutes for reading this article, by signing up and using the CPD Wallet

FREE CPD Wallet
Must Read

Elise Bean – The Inside Track – The US Senate’s Investigations into Financial Crime

Elise Bean joins Tom Devlin (from KYC360) in conversation to discuss her new book, highlights of her investigative career, and learning points for both banks and financial crime investigators arising from the PSI's work Read More

Financial crime: Court orders banks to open account for convicted fraudster

The Royal Court in Jersey has ruled that a trust for a convicted fraudster should be allowed to open a bank account on the Isle, despite being denied banking services in other jurisdictions. The case put before the Jersey court is linked to another infamous scam, unrelated to the trust… Read More