Hacker who made ATMs spit out €10m at a time to buy cryptocurrencies arrested in Spain

The leader of a criminal gang which hacked into cash machines to make them spew out money as part of a €1bn (£870bn) swindle has been arrested.

Europol today announced that Spanish police had apprehended the head of a cybercrime syndicate, which targeted over 100 financial institutions in 40 countries with two pieces of malware, known as Cobalt and Carbanak.

Spain’s Ministry of the Interior named a man called Denis K., of Ukrainian nationality, as the “brains” behind the operation, with three other unnamed Ukrainian and Russian members also arrested.

Read more: Bitcoin bounty: Crypto exchange offers $250,000 reward to catch hackers

Cobalt affected some financial institutions in the UK, as well as Spain, Belgium, and the Czech Republic, Europol said, with the criminals able to scoop as much as €10m per heist.

The hackers managed to access “practically all the banks in Russia”, Spanish authorities said, while using platforms based in Gibraltar and the UK to load up prepaid cryptocurrency cards. One of the detainees also created an “enormous infrastructure” for bitcoin mining. The cryptocurrencies were used to launder the cash and spend it on luxury cars and houses, Europol said.

The complex theft used so-called spear phishing to target individual bank employees with emails which infected their computers with malicious software. The virus could then spread to bank servers and allow the criminals to transfer money to their accounts, raise the balance found in accounts, and spit out money from automatic teller machines (ATMs) at specified time.

Read more: Cybercrime costs the global economy $600bn

The arrest came after a complex investigation involving Spanish police and the US Federal Bureau of Investigation, as well the Romanian, Belarussian and Taiwanese authorities alongside private security firms.

The group first began its activities in 2013, launching a malware campaign targeting financial transfers and ATM networks known as Anunak. The coders made a more sophisticated programme called Carbanak which was used until 2016, Europol said.

Steven Wilson, head of Europol’s European Cybercrime Centre, known as EC3, said: “This global operation is a significant success for international police cooperation against a top-level cybercriminal organisation.

“The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity.”

Read more: The spy who accelerated me: Meet the 7 startups fighting cybercrime with GCHQ

Subscribe

Subscribe to the City AM newsletter to have our top stories delivered directly to your inbox.

Subscribe
By signing up to our newsletters you agree to the Terms and Conditions and Privacy Policy.