Mastermind of worldwide 1,000 million dollar cyber bank attacks arrested in Alicante
Police in Spain have arrested the mastermind behind hundreds of cyber attacks on banking organisations around the world.
The arrested man, Denis K., a Ukrainian national, together with three other members of the organisation, of Russian and Ukrainian nationality, used malicious software to infect the computer systems of banks, mainly in Russia but also in Belarus, Azerbaijan, Kazakhstan, Ukraine and Taiwan.
The malware gave them control of the infected systems and let them plunder accounts remotely, to the tune of “more than 1,000 million dollars” (over a billion US dollars).
The cyber chief was arrested in Alicante.
In Spain, the criminal organisation attacked ATMs in the centre of Madrid during the first quarter of 2017, making fraudulent withdrawals worth half a million euros.
“We are facing one of the most important operations of the Central Cybercrime Unit of the National Police due to the international significance of the cybercriminal detained,” said Interior Minister Juan Ignacio Zoido.
Since they began operating in 2013, the group managed to access virtually every bank in Russia. The proceeds of each attack, which averaged more than one and a half million dollars, were immediately converted into cryptocurrency to ease their movement through an international money-laundering network.
During a raid on the ringleader’s home, police seized computer equipment, jewellery valued at 500,000 euros, various documents and two high-end vehicles, among other effects. Bank accounts and two homes valued at close to 1,000,000 euros were also frozen.
The investigation, opened at the beginning of 2015, was described as very complex, combining traditional techniques used against organised crime with newer methods. The Spanish authorities were assisted by the FBI and Interpol.
Despite the high technical level of its members, the group needed the support of other criminal organisations to coordinate the “mules” who withdrew cash from the attacked ATMs in different countries. Until 2015 the Russian mafia handled this task; from 2016 the Moldovan mafia took it over.
Each attack began with the mass sending of fraudulent emails that impersonated legitimate organisations or companies and were addressed to large numbers of bank employees around the world. The emails carried an attachment, usually in .RTF or .DOC format, containing malicious code that exploited an unpatched vulnerability in the victim’s systems.
When an employee opened the attachment on a computer where that vulnerability had not been patched, the malicious code executed and downloaded a software package that later allowed the machine to be controlled remotely from command-and-control servers.
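The intrusion chain above starts with a weaponised RTF or DOC attachment, so the first place a bank can break it is the mail gateway. The following triage script is an added example, not code from the article or from any tool or investigator it mentions: it flags RTF attachments that carry embedded or auto-updating OLE objects (decoding the hex object data even when it is broken up with whitespace and stray control words, as Word's parser tolerates), legacy DOC containers that contain a VBA project, and attachments whose content does not match their extension. The rule names, the obfuscation handling and the sample files are this example's own assumptions; it says nothing about which vulnerability the group actually used.

```python
"""Triage of RTF/DOC mail attachments for embedded-object droppers.

Added example (not the article's content, nor any tool it mentions).
Rule names, the obfuscation handling and the sample files below are this
example's own assumptions; only standard-library modules are used.
"""
import binascii
import re

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office (CFB) container header
RTF_MAGIC = b"{\\rt"                               # Word accepts "{\rt", not only "{\rtf1"
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")    # CFB directory names are UTF-16LE

# RTF control words that introduce an embedded or linked OLE object.
OBJECT_WORDS = (b"\\object", b"\\objemb", b"\\objautlink", b"\\objdata", b"\\objclass")
# \objupdate makes Word refresh the linked object as the file opens, so a
# malicious link or payload runs without any click from the employee.
AUTO_UPDATE_WORD = b"\\objupdate"

_CONTROL_WORD = re.compile(rb"\\[A-Za-z]+-?\d*[ ]?")
_NON_HEX = re.compile(rb"[^0-9A-Fa-f]")


def rtf_objdata_payloads(data):
    """Decode every \\objdata hex group in an RTF file.

    Word's parser tolerates whitespace and stray control words inside the
    hex stream, and weaponised documents exploit that to defeat naive
    string matching, so both are stripped before decoding.
    """
    payloads = []
    for match in re.finditer(rb"\\objdata", data):
        chunk = data[match.end():]
        end = chunk.find(b"}")               # the group closes at the first '}'
        if end != -1:
            chunk = chunk[:end]
        chunk = _CONTROL_WORD.sub(b"", chunk)
        hexdata = _NON_HEX.sub(b"", chunk)
        if len(hexdata) % 2:
            hexdata = hexdata[:-1]           # Word drops an unpaired trailing nibble
        if hexdata:
            payloads.append(binascii.unhexlify(hexdata))
    return payloads


def triage_attachment(filename, data):
    """Return finding tags for one attachment; an empty list means nothing flagged."""
    findings = []
    name = filename.lower()
    is_rtf = data.lstrip().startswith(RTF_MAGIC)
    is_ole = data.startswith(OLE_MAGIC)

    if is_rtf:
        if any(word in data for word in OBJECT_WORDS):
            findings.append("rtf-embedded-object")
        if AUTO_UPDATE_WORD in data:
            findings.append("rtf-auto-update-object")
        if any(p.startswith(OLE_MAGIC) for p in rtf_objdata_payloads(data)):
            findings.append("rtf-ole-payload")
        if name.endswith(".doc"):
            # Word opens RTF content whatever the extension says, so a
            # gateway that keys its rules on ".doc" alone never sees this.
            findings.append("rtf-disguised-as-doc")
    elif is_ole:
        if VBA_STREAM in data:
            findings.append("ole-vba-project")
    elif name.endswith((".rtf", ".doc")):
        findings.append("extension-content-mismatch")
    return findings


# Constructed samples (not real malware): a benign RTF, an RTF lookalike
# of an auto-updating OLE dropper whose hex payload is broken up with
# whitespace and a stray \par, a .doc with a VBA project entry, and an
# executable header renamed to .doc.
BENIGN_RTF = b"{\\rtf1\\ansi\\deff0 Quarterly figures attached.\\par}"
DROPPER_RTF = (
    b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate\\objw1\\objh1"
    b"{\\*\\objclass Word.Document.8}"
    b"{\\*\\objdata d0cf 11e0\\par a1b1 1ae1" + b"00" * 32 + b"}}}"
)
MACRO_DOC = OLE_MAGIC + b"\x00" * 504 + VBA_STREAM + b"\x00" * 64
EXE_AS_DOC = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    samples = [("figures.rtf", BENIGN_RTF), ("invoice.rtf", DROPPER_RTF),
               ("invoice.doc", DROPPER_RTF), ("report.doc", MACRO_DOC),
               ("setup.doc", EXE_AS_DOC)]
    for fname, blob in samples:
        print(f"{fname:12} {triage_attachment(fname, blob) or 'clean'}")
```

The benign RTF produces no findings, while the constructed dropper is flagged three times: for carrying an OLE object at all, for marking it auto-updating, and for the decoded object data starting with a CFB header. In practice a gateway would quarantine on any of the object findings rather than wait for all three, since the decoded payload is only recoverable when the obfuscation is simple enough for this stripping to undo.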
The proceeds of the scheme, in the form of large amounts of cash, were exchanged for bitcoin at exchange houses in Russia and Ukraine. The bitcoin was then transferred to accounts controlled by the detainee, who accumulated around 15,000 bitcoins. He used financial platforms in Gibraltar and the United Kingdom to load prepaid cards with this cryptocurrency, which he could then spend in Spain on all kinds of goods and services, including vehicles and homes.