Hollywood loves a good bank robbery movie, and if someone wasn't already making one about the Carbanak cyber attacks, they really should. One group is said to have stolen over a billion from banks and over a thousand private customers, with Kaspersky Lab eventually called in to investigate what was going on.
A video shared by Fern explains how two men walked into a Taipei bank on July 10, 2016. These men were interrupted as the ATM started spewing out bills, leaving one innocent stranger staring at piles of cash on the floor. At the same time, the same thing was going on at another 20 branches across Taiwan. Back then, The Register reported that cybercriminals seemingly gained control of the ATMs with a 'connected device' that was suspected to be a smartphone.
The European Union Agency for Law Enforcement Cooperation (Europol) says that Carbanak had been targeting ATMs since late 2013, using malware to attack machines.
Apparently, Carbanak was using 'spear phishing' emails to dupe bank employees into opening malicious attachments. ATMs were instructed to dispense money at specific times, meaning it was simply a case of Carbanak hackers turning up at the right time and collecting their bounty.
Europol explained: "The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses."
In the end, over 100 banks in over 30 countries were rinsed of up to $1 billion.
Hackers managed to install remote malware on admin computers. The infected computers slowed down and IT was called, so the hackers could then see when technicians typed in their administrative passwords.
This gave Carbanak access to central hubs, and effectively, a backdoor key to ATMs around the globe. More than this, Carbanak hackers bided their time and watched bank workers to see how transfers worked.
When ready to strike, a three-pronged attack transferred money from so-called transaction management accounts into their own, alongside the ATM attacks and a third (more sophisticated) method. The latter involved setting up accounts in the name of money mules, and then changing the bank's database to update the tiny amounts in their accounts to $1 million.
Although Kaspersky and various governing bodies managed to take down several servers, Carbanak kept popping up on more. Over 100 financial institutions had been targeted by the end of 2015, and in two years, over $1 billion had been swiped.
Discussing the attacks, Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team, said: "These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent.
"The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery."
Ultimately, someone 'screwed up', and following the July 2016 incident, authorities managed to apprehend some of the money mules after checking CCTV. They went up the chain from the mules, and eventually, arrested the 'mastermind' in 2018. ‘Dennis K’ was living a life of luxury in Spain. At the time, he was worth 15,000 Bitcoin, which was then valued at $162 million.
Although 'Dennis K' was arrested and his assets were seized, most of the $1 billion remains missing to this day. There are fears that Carbanak remains active, with Fern warning that the software is still being used - possibly by Russian cyber gangs who are given a free pass to cause chaos in the West.