Cybergang that was behind the $15 million bank robbery has been arrested by the Roman authorities

Police solves the case of cyber gang members who stole more than €13.8 / $15 million by cloning the cards with the bank’s computer system.

The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) has shed light on a new cyber heist by raiding 42 locations in six countries on Sunday. They have detained 25 people whom they suspect to be part of a 52 member international cyber gang which could include the individuals not only from Romania but also from various other parts of the globe.

The Romanian authorities suspect that these hackers could have hacked the banks to clone the payment cards which were then used in various ATMs across the world to steal more than $15 million.

As per DIICOT, the required data to clone the cards was obtained by hacking the computer systems  from banks in the US (Puerto Rico) and in Muscat, the capital city of Oman. Further it seems the criminals targeted the accounts which belonged to large corporations and successfully extracted the payment card data of these accounts which they then used to create fraudulent cards. These cloned fraud copies of cards were later distributed to the members of the cyber gang. The members in turn used the cloned cards to withdraw money from ATMs across different International countries.

As per the Romanian authorities, it seems the cyber gang were well coordinated and they properly chalked out the withdrawals in batches over a shorter intervals and also it was planned out on ‘non business’ days of the financial institutions (banks).

For example: On February 20th 2013, $9 million/ €8.3 million was withdrawn from the ATMs across Japan by these criminals. Similarly, on December 2nd 2013, the gang hit almost 4,200 transactions that totaled to $ 5 million / €4.6 million in cash from ATMs across 15 Romanian cities. This clearly indicates that within a year the gang made almost 34,000 ATM transactions in 24 countries.

The DIICOT further added that the gang also were able to carry out their fraudulent withdrawals in US, UK, Germany, Italy, Spain, Netherlands, Canada, Colombia, Dominican Republic, Mexico, Indonesia, Egypt, Malaysia, Russia, Sri Lanka, Thailand, Ukraine, the United Arab Emirates, Pakistan, and Latvia.

On Sunday, the Romanian authorities carried out the execution in six cities that included 42 house searches. Police have seized 16 laptops, smartphones which were used for the heinous activity by the gang members. Further, the authorities also seized 2 kg / 4.4 lbs of gold bars, €150,000 / $163,000 in cash and paintings. It seems the money acquired from the heist was also invested into real estate and other valuable goods by the group leaders, for now these all have been placed under restrictions till further investigations, as told by DIICOT.

Also this is not a first cyber heist, a similar scenario was seen when a gang known as Carbanak was successful in stealing $ 1 billion from various banks and other financial institutions across 25 countries. The researchers at Kaspersky Lab, in February, reported the actual technique that was used by the criminals. As per the report, the criminals used spear phishing method wherein they targeted the victim’s network by sending emails with malicious attachments. With this malware the criminals infected the computers systems of the bank and financial institutions and carefully learnt the internal procedures with which they were able to jump the network until they reached their point of interest which is to extract the money using the infected entity. Since every bank would follow different methods, the infected computer were used to record videos and these shots were sent to the servers of the attackers to learn the commands that is used for withdrawal of money, thus the criminals were successful in their heists.    

One more recent incident is the case of Ryanair, which is still under investigation stages wherein $ 5 millions was stolen from the bank accounts that was used for fuelling the aircrafts.

As per the report from security researchers the general trend seen among organized cybercrooks is to target the banks and large financial institutions instead of the customers to hit bigger heists.

2 COMMENTS

  1. Hi!

    I have spotted a couple of typos in your article. The correct term to refer to an authority or a person from Romania is “Romanian” and not “Roman”.

    Best regards,

    V.

LEAVE A REPLY

Please enter your comment!
Please enter your name here