cobaltThe leader of the cybercrime syndicate behind the Carbanak and Cobalt malware attacks, which infiltrated over 100 financial institutions in 40 countries, has been arrested in Alicante, Spain.  The arrest followed a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies.

Since 2013 the cybercrime gang have attempted to attack banks, e-payment systems and financial institutions using pieces of malware they designed, known as Carbanak and Cobalt. The criminal operation has struck banks in more than 40 countries and has resulted in cumulative losses of over €1 billion for the financial industry. The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.

Cashing out

The money was then cashed out by one of the following means:cobalt

  • ATMs were instructed remotely to dispense cash at a pre-determined time, with the money being collected by organised crime groups supporting the main crime syndicate: when the payment was due, one of the gang members was waiting beside the machine to collect the money being ‘voluntarily’ spit out by the ATM;
  • The e-payment network was used to transfer money out of the organisation and into criminal accounts;
  • Databases with account information were modified so bank accounts balance would be inflated, with money mules then being used to collect the money.

The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses.

International police cooperation

International police cooperation coordinated by Europol and the Joint Cybercrime Action Taskforce was central in bringing the perpetrators to justice, with the mastermind, coders, mule networks, money launderers and victims all located in different geographical locations around the world.

Europol’s European Cybercrime Centre (EC3) facilitated the exchange of information, hosted operational meetings, provided digital forensic and malware analysis support and deployed experts on-the-spot in Spain during the action day.

The close private-public partnership with the European Banking Federation (EBF), the banking industry as a whole and the private security companies was also paramount in the success of this complex investigation.

The full Infographic can be seen on the Europol Website