Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod

European cyber-cops have felt the collar of a bloke suspected of running a network of crims that used malware to pinch €1bn (£874.8m, $1.24bn) from cash machines and other banking systems. The crew developed the software nasty Anunak, later updated to Carbanak, as well as cyber-weapons based on Cobalt Strike's penetration …

  1. frank ly

    I'm living my life wrong

    "... prepaid cards linked to online alt-coin wallets were used to buy flash motors and nice houses, ..."

    When I tried to transfer £200 to my prepaid card that I've had for two years, my bank stopped the transaction because they suspected fraud and left me a voice message to tell me to contact them.

    Criminals seem to have all sorts of convenient financial facilities available to them.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm living my life wrong

      You don't "game" the system.

      There are normal ways, the way you see a cue at the store, and choose the shortest.

      Then there are the illegal ways.

      These people need the first, and know the second.

      1. Richard 22
        Coat

        Re: I'm living my life wrong

        I think you'd only choose the shortest cue if you were buying it for a child really.

        OK, ok. I'm leaving.

  2. Anonymous Coward
    Anonymous Coward

    Seems a bit far fetched

    It would have been a lot simpler if they had insiders in the banks.

    1. A Non e-mouse Silver badge
      Joke

      Re: Seems a bit far fetched

      Or setup a religion. At least that way they wouldn't have to launder the money.

      1. Hans 1
        Joke

        Re: Seems a bit far fetched

        Flying Noodle Monster, anyone?

  3. A Non e-mouse Silver badge

    Money Laundering

    €1Bn is a lot of money to launder. You're going to need some serious work to clean that amount of money.

    1. Anonymous Coward
      Anonymous Coward

      Re: Money Laundering

      >€1Bn is a lot of money to launder. You're going to need some serious work to clean that amount of money.

      Or a very large washing machine

    2. allthecoolshortnamesweretaken

      Re: Money Laundering

      Real estate development projects.

      1. Alter Hase

        Re: Money Laundering

        Real estate development projects with the name of a world leader(?)

  4. Lee D Silver badge

    I'm no security expert but:

    "The crooks are said to have kicked off their activities with the Anunak malware in 2013, which was sent in spear-phishing emails to bank employees to infect their Windows PCs when opened. Once compromised, the zombie machines were used to access the bank's internal network and hijack ATMs."

    So, the ATMs are on the same network, VLAN and authentication paths as the Windows PC loaded with Outlook.

    Now, call me an idiot, but... if that's the case then there's something already DRASTICALLY wrong with bank security.

    I literally cannot think of a reason for an ATM to be on anything other than a walled-off VLAN, with zero access by the branch staff. In fact, I can't even think of a reason that ATMs should be modifiable remotely at all, to be honest, and certainly not in a way that they can dispense money for free, or more money than requested.

    1. Dabooka

      That was certainly my understanding

      My old mate (since departed) was a manager at a UK bank, and other than topping it up with cash they had no links whatsoever; it had its own data connection etc., although clearly it still had to 'phone home' transaction data somehow.

      To be fair that was a while ago, and I'm sure times have changed, but presumably for the better. This would seem a backward step.

      1. Lee D Silver badge

        Re: That was certainly my understanding

        Which would be how I would design it. [[However, for all intents and purposes a properly secured and managed VLAN setup is practically identical to separate cabling (no, on a proper setup, you can't just "pretend" to be on the secure VLAN even if you know what that is - any decent switch will refuse that, only allow certain ports to do that, override any VLAN setting (or absence of one) you try anyway, or demand RADIUS to authenticate to the other VLAN).]]

        But in terms of modifications... why would you want them remotely-accessible from anything other than the central bank itself (and the computers controlling your centralised ATM network? Yeah, they shouldn't have Outlook on them), and why would you want to modify (say) denominations issued or present in the drawers? That stuff should be done by an engineer on-site (by definition, physically inside the bank, and usually when it's closed to the public).

        Certainly it shouldn't be issuing out more than requested, giving money for free, or from accounts that don't have the funds (up to a set amount, possibly, in the case of complete disconnection from the network but to be honest, I would then say "Don't issue money at all but say "Out of Order" because you have no idea if it actually exists in the account at all"). Isn't that how ATMs are scammed across Europe - everyone clones a card, uses it at the same time in ten different countries, the foreign ATMs all "trust" it for a while and issue cash, and only realises 10 times the amount has been withdrawn from various countries but it took a little while to update them all and realise that? It always seemed a stupid design for me, and the reason that card machines dial-up to check the ACTUAL live status rather than hope there was credit and issue the goods/money.
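        As an added illustration of the VLAN point above (this is example code written for this thread, not anything from the commenter, The Register or any switch vendor), here is a small Python model of 802.1Q ingress policy on a managed switch. The port names, VLAN ids and the branch/ATM layout are assumptions; what it shows is that a host on an access port cannot tag its own frames into another VLAN, and that a trunk only carries the VLANs it has been told to allow. RADIUS/802.1X-based VLAN assignment mentioned in the comment is not modelled.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Constructed model of a managed switch's 802.1Q ingress policy. Port names,
# VLAN ids and behaviours below are assumptions for illustration only.


@dataclass(frozen=True)
class Port:
    name: str
    mode: str                                   # "access" (end host) or "trunk" (uplink)
    access_vlan: int = 1                        # access: VLAN every frame is forced into
    allowed_vlans: frozenset = frozenset()      # trunk: tags accepted on ingress
    native_vlan: Optional[int] = None           # trunk: VLAN for untagged frames; None = drop


@dataclass(frozen=True)
class Frame:
    src_port: str
    vlan_tag: Optional[int]                     # tag the sender put on the wire; None = untagged
    payload: str = ""


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def classify(self, frame: Frame) -> Tuple[str, Optional[int]]:
        """Return (action, vlan): the VLAN the switch assigns, or why it dropped the frame."""
        port = self.ports[frame.src_port]
        if port.mode == "access":
            # The host does not get to pick its VLAN: a tagged frame is discarded
            # (the strict behaviour) and an untagged one is forced into the
            # configured access VLAN whatever the host intended.
            if frame.vlan_tag is not None:
                return ("dropped: tagged frame on access port", None)
            return ("forwarded", port.access_vlan)
        if port.mode == "trunk":
            if frame.vlan_tag is None:
                if port.native_vlan is None:
                    return ("dropped: untagged frame on trunk without native VLAN", None)
                return ("forwarded", port.native_vlan)
            if frame.vlan_tag not in port.allowed_vlans:
                return ("dropped: VLAN not allowed on trunk", None)
            return ("forwarded", frame.vlan_tag)
        raise ValueError(f"unknown port mode {port.mode!r}")

    def members(self, vlan: int) -> Set[str]:
        """Ports that belong to `vlan`, i.e. its broadcast domain on this switch."""
        out = set()
        for p in self.ports.values():
            if p.mode == "access" and p.access_vlan == vlan:
                out.add(p.name)
            elif p.mode == "trunk" and (vlan in p.allowed_vlans or vlan == p.native_vlan):
                out.add(p.name)
        return out


BRANCH_VLAN, ATM_VLAN = 20, 30   # assumed ids: staff PCs vs. cash machines


def build_branch_switch() -> Switch:
    """Assumed branch layout: one staff PC, one ATM, one uplink trunk."""
    return Switch([
        Port("gi1", "access", access_vlan=BRANCH_VLAN),     # staff PC running Outlook
        Port("gi2", "access", access_vlan=ATM_VLAN),        # the ATM
        Port("gi24", "trunk",                               # uplink to the bank core
             allowed_vlans=frozenset({BRANCH_VLAN, ATM_VLAN}),
             native_vlan=None),                             # untagged frames on the trunk are dropped
    ])


def delivered_to(switch: Switch, frame: Frame) -> Set[str]:
    """Ports (other than the source) that receive the frame after ingress policy."""
    _, vlan = switch.classify(frame)
    if vlan is None:
        return set()
    return switch.members(vlan) - {frame.src_port}


if __name__ == "__main__":
    sw = build_branch_switch()
    for f in (Frame("gi1", None, "PC, untagged"),
              Frame("gi1", ATM_VLAN, "PC claiming the ATM VLAN"),
              Frame("gi24", ATM_VLAN, "core to ATM"),
              Frame("gi24", 99, "unexpected VLAN on uplink")):
        print(f"{f.payload:28} -> {sw.classify(f)[0]:48} reaches {sorted(delivered_to(sw, f))}")
```

The staff PC's untagged traffic only ever lands in VLAN 20 and the only other member of that VLAN is the uplink; a frame it tags with the ATM VLAN never leaves the port. That is the property the comment describes, and it holds only while every port's mode and allowed list is managed deliberately, which is why auditing trunk configuration matters as much as the cabling.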

        1. Anonymous Coward
          Anonymous Coward

          Re: That was certainly my understanding

          Is it not Nat West or someone that allows you to take out cash using your phone when you lose your card?

          Making life easier always adds more risk. Lose your card? Stupid arse, apply for a new one or visit the branch to get cash out.

  5. This post has been deleted by its author

  6. schmerg

    "€1bn (£874.8m, $1.24bn) "

    Oh come on Reg, I expected better of you.... significant figures and all that.

    Or did he really steal precisely £874.8m which just coincidentally comes to €1.000bn

  7. Anonymous Coward
    Linux

    Spear-phishing emails infect Windows PCs

    "The crooks are said to have kicked off their activities with the Anunak malware in 2013, which was sent in spear-phishing emails to bank employees to infect their Windows PCs when opened"

    They could have set Windows to open the files in 'Microsoft Word Viewer' (except it's no longer available), or disabled auto-running of Word macros, or opened the file in LibreOffice.

  8. peterm3

    Would be useful to know in which countries this took place? Eastern / Southern Europe?

    1. Solmyr ibn Wali Barad

      "According to Kaspersky Lab data, the Carbanak targets included financial organisations in Russia, USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Spain, Norway, India, the UK, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria, and Australia."

      www.ibtimes.co.in/great-online-bank-robbery-how-carbanak-cybergang-stole-1-billion-100-banks-worldwide-623651

  9. Anonymous Coward
    Anonymous Coward

    Something's missing in this story...

    ...between the 'got phished' and 'pwned the ATM network' chapters.
