€1bln in Stolen Bank Funds “Hidden” with Crypto
A recent cybercrime bust has given civil authorities more fodder to feed the argument that popular cryptocurrencies attract criminal activity and money laundering.
Earlier this week, Europol, the European Union’s leading law enforcement agency, recently apprehended the ring leader of the hacking group responsible for stealing more than €1bln from over 100 financial institutions worldwide. According to Europol’s press release, the cyber criminals nabbed the funds from banks and financial institutions in more than 40 countries, laundering their loot with cryptocurrencies to hide it from local and international authorities.
The cybercrime organization, known as the Carbanak gang, has been conducting remote, malware-driven heists since 2013. Derived from a precursor program called Anunak, a malware known as Carbanak became the gang’s primary weapon from 2014-2016, hence their team’s moniker. Using company emails as their vector of attack, the team would send out seemingly legitimate emails to bank employees that contained phishing malware. If an employee clicked on the email’s malicious links, the criminals were granted access to the financial institution itself or, in some cases, its ATM networks.
From 2016 on, the team utilized a more sophisticated malware known as Cobalt that allowed them to steal as much as €10mln per hack. As with Carbanak, Cobalt allowed the criminals to breach into a bank’s central server or network through phishing attacks, giving them complete control and access over a variety of functions. This allowed the gang to steal funds by “‘voluntarily’ [spitting] out” money at predesignated ATMs, directly wiring funds into criminal accounts, or modifying databases to inflate customer accounts so money mules could collect the difference.
After the thefts, the team converted the funds into cryptocurrencies using prepaid cards. Once in their wallets, they used the digital funds to purchase high-end cars, houses, and other luxury items. The press release did not specify which cryptocurrencies were used in the laundering.
A Concerted International Policing Effort
Europol’s report stressed that the international policing community’s united effort was responsible for the ring leader’s arrest. Such cooperation, the post conveys, was necessary given the global scale of the operation.
“International police cooperation coordinated by Europol and the Joint Cybercrime Action Taskforce was central in bringing the perpetrators to justice, with the mastermind, coders, mule networks, money launderers and victims all located in different geographical locations around the world,” the press release reads.
The gang’s leader, whose identity remains undisclosed, was arrested in Alicante, Spain “after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cyber security companies.”
Moreover, the release indicates that Europol and other investigation agencies couldn’t have succeeded had it not been for its cooperation with private sector entities, namely the European Banking Federation (EBF). Wim Mijs, the CEO of the EBF, stated that “[this] is the first time that the EBF has actively cooperated with Europol on a specific investigation,” touting that the success of the bust “demonstrates the value of [this] partnership” for “effectively fighting digital cross border crimes like [this] one.”
In regards to the arrest, the head of Europol’s European Cybercrime Centre, Steven Wilson, chalks it up as a significant victory for the international cyber security community:
“This global operation is a significant success for international police cooperation against a top level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity. This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality.”
The takeaway here? As cryptocurrencies become more popular and privacy coins see further development, “international anonymity,” from a financial perspective, becomes more complex. Even with the EU outlawing anonymous transactions, there’s no sure way to police such online activity, and the increased anonymity of coins such as Monero, ZCash, and Dash are likely to attract money laundering practices.
As privacy coins become the default for cyber criminals worldwide, international authorities will have the unwieldy task of combating an invisible enemy in a virtual realm foreign to those who don’t reside within it.
CoinCentral's owners, writers, and/or guest post authors may or may not have a vested interest in any of the above projects and businesses. None of the content on CoinCentral is investment advice nor is it a replacement for advice from a certified financial planner.