Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Businesses Security

The Biggest Digital Heist in History Isn't Over Yet (bloomberg.com) 65

There are cyberheists, and then there's Carbanak, a cybercriminal gang that has stolen about $1.2 billion from more than 100 banks in 40 nations. The suspected 34-year-old ringleader is under arrest, but the whopping $1.2 billion amount remains missing. And to add insult to the injury, the malware attacks live on. Bloomberg Businessweek has an insightful story on this, which includes comments from none other than Europol itself, on the chase to catch Carabanak which has lasted for three years. Some excerpts from the story: Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn't created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it.

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union's law enforcement agency. The string of thefts, collectively dubbed Carbanak -- a mashup of a hacking program and the word "bank" -- is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that's become the stuff of legend in the digital underworld.

Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses.

This discussion has been archived. No new comments can be posted.

The Biggest Digital Heist in History Isn't Over Yet

Comments Filter:
  • by Geoffrey.landis ( 926948 ) on Tuesday June 26, 2018 @01:48PM (#56849230) Homepage

    Wow. So, who will be playing Carbanak in the movie? Brad Pitt?

    • Tom Sellick

  • Thanks NSA! (Score:5, Insightful)

    by bferrell ( 253291 ) on Tuesday June 26, 2018 @01:51PM (#56849260) Homepage Journal

    You really protected us from the bad guys by building these tools and NOT plugging the holes they use

  • by Anonymous Coward on Tuesday June 26, 2018 @02:27PM (#56849418)

    The biggest digital heist was when the banks took billions in public money to bail themselves out in 2008.

    Can you heist a heist?

    • by Anonymous Coward on Tuesday June 26, 2018 @03:21PM (#56849708)

      The biggest digital heist was when the banks took billions in public money to bail themselves out in 2008.

      Actually the heist which immediately preceded that ... packaging junk debt as AAA and selling it to other people.

      Essentially some greedy American assholes stole billions of dollars from the entire fucking world.

      The banks got bailed out, the people around the world who got conned into buying garbage American debt, not so much.

      How the people who rated that debt AAA didn't end up in prison, I have no idea. Because there is no way they didn't know they were part of a scam.

  • Since all this "money" is just pretend and not backed by anything with intrinsic value, why not just pretend it didn't happen? Set the balances back to where they were before the digital "theft" and call it good.

    Any banks that got some magical, ridiculously high deposits from out of the blue, well, you're S.O.L.

    • Actually, I'm wondering why it's so hard to get the money back. Of course, if they take it out of an ATM, it's gone. But I don't suppose they took 1.2 billion out of ATMs. So most of it just went from bank account to bank account to bank account. How hard can it be to trace?

      • by St.Creed ( 853824 ) on Tuesday June 26, 2018 @04:08PM (#56849946)

        Extremely hard, actually.

        Case in point, the heist of the Bangladesh Central Bank. They laundered that money through the casino's in the Philippines, who didn't track the money as well as they should have. So you enter with money, buy chips, lose a bit and then move your chips to your pal. He cashes out and now he has legit money.

        They did catch the money mules, but they were very unwilling to talk. Later they discovered it was probably North Korea doing the robbing, so that was understandable. The money will never be recovered.

      • > But I don't suppose they took 1.2 billion out of ATMs. So most of it just went from bank account to bank account to bank account. How hard can it be to trace?

        If the crooks were stupid, they would have transferred it from the victim bank into the crook's personal Wells Fargo account, and left it there. The crooks weren't stupid.

        The move it around through several countries right away, then use burner accounts in whichever countries to buy goods, things like laptops, gold, diamonds, etc. Move the diamonds

        • If the crooks were stupid, they would have transferred it from the victim bank into the crook's personal Wells Fargo account, and left it there. The crooks weren't stupid.

          I used to work in a bank and even if you put it in your own account it would take a lot of time and effort including a court order to get it back.
          Banks are in the business of protecting their customer's money, even if their customer is a crook.

          The move it around through several countries right away, then use burner accounts in whichever countries to buy goods, things like laptops, gold, diamonds, etc. Move the diamonds, laptops, gold, whatever to another country where the government officials are part of a fencing operation, etc.

          Casinos are the easy option. Transfer to a foreign bank, withdraw the cash and buy chips, lose a little to wash it, come out with clean money. We had a case here where one guy washed $90M at the local casino and no-one batted an eyelid until it was too late.

      • by Agripa ( 139780 )

        Actually, I'm wondering why it's so hard to get the money back. Of course, if they take it out of an ATM, it's gone. But I don't suppose they took 1.2 billion out of ATMs. So most of it just went from bank account to bank account to bank account. How hard can it be to trace?

        They hire mules and send them forged ATM cards who then extract the money as cash and send it back for a percentage.

  • by greenwow ( 3635575 ) on Tuesday June 26, 2018 @03:27PM (#56849740)

    A primary concern is ensuring the science is strong enough to distinguish a normal transaction from a transaction masquerading as one.

  • Whose great idea was it again to declare these as Russian spies in USA and EU without proof, and to stop working with them?
  • By any chance did the inner sanctums of these banks run on Microsoft Windows [krebsonsecurity.com]?

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...