ATMs have spit out over $1.25bn of free cash since 2013

Go to an ATM at the right place, at the right time, and you could be collecting a whole lot of free money.

Over $1.25 billion has been spewed out by cash machines, in over 40 countries, since 2013.

Of course, had you managed to be at the right cash machine at the right time to collect this money, you’d have had to fight off a “money mule” to get it.

Of course, some ordinary people will have been offered cash by these ATMs, for no apparent reason. But the majority was collected by criminal gangs.

In fact, it was just one criminal gang, known as Carbanak.

Carbanak is responsible for what must be, by far, the biggest bank heist in history. The fact is, no one actually knows how much money it has stolen altogether.

A 2015 report by Kaspersky Lab put the figure around $1.25 billion. But that was before Carbanak developed its most sophisticated techniques. And it continued to operate until its alleged mastermind was caught last month.

Now, I say alleged, because this was such a big operation, it’s doubtful any one person was in charge. It’s also doubtful that such a mastermind would be as stupid with their money as our alleged mastermind was.

So, there is every chance Carbanak is still taking billions from banks, all around the world.

How the world’s biggest bank heist went down

People like to call software that does bad things “malware”, as in malicious software. And the particular malware that the robbers used was called Carbanak, hence the name the gang has been given.

From what I can find, Carbanak was downloaded – as most viruses and other computer nasties are – from an email attachment.

An email was sent to bank employees that was designed to look like it was coming from another employee, with an attached Word document. And the Word document contained the malware.

As an aside, this is why it’s important to keep all your software updated. Most of the time, updates – particularly with Adobe reader – are patches for known security holes in the program.

The reason the “WannaCry” hack was so successful was because most of our institutions are woefully inept with computers. So inept that many of them – such as much of the NHS – kept their systems running on Windows XP. Windows XP is decades old and no longer receives security updates. WannaCry had no effect on up-to-date systems.

But anyway, back to the story.

So the Carbanak malware once “in” the bank’s system, then replicated and infected more computers. It allowed the hackers to see what was happening on infected computers’ screens. The hackers could then see how real transactions and money moving looked.

Then the hackers used their malware to take control of the system and fake real transactions. They created extra money and then got cash machines to release it.

They had a network of money mules who were told which cash machines to wait at and when. Then these mules just collected the free money.

The money was then laundered – much of it through bitcoin (which, if you ever read my article on Monero, you’ll know isn’t very hard to trace).

Europol has made a fun infographic explaining it all, which you can see below (click for a bigger image).

How the “mastermind” was caught

Now, you’ll probably notice that I’ve put mastermind in inverted commas. That’s because I don’t really believe this guy was the mastermind.

Still he was seemingly definitely involved, and likely one of the main coders of the malware.

As Wired reports:

The key to tracking the man down to his Alicante home was through Taiwan and Belarus, Ruiz says. A report from Europol and security company Trend Micro published last year details how both countries saw ATMs dispensing cash to mules.

The report says $2.5m (£1.78m) was stolen from 41 Wincor Nixdorf ATMs operated by First Commercial Bank in Taiwan during July 2016 “without using cash cards or even touching the PIN pads”. After the attack arrests were made and malware was found within the bank’s system. “These were one of the typical ATM network attacks in Taiwan. They got access to the network in Taiwan and cashed out the money to mules,” Ruiz says.

“The police were able to arrest a number of these mules so we started to co-operate with Taiwan to see where this was coming from. This was an important element as this led to a group in Belarus and there we were able to connect this target. We were able to connect Taiwan, Belarus and Spain through the information exchanged with partners.”

Europol says “criminal profits” were laundered via cryptocurrencies. “Prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses,” the international agency said in its statement.

A report in El Mundo, Spain’s second-largest newspaper, claims Denis K [the mastermind] owned 15,000 bitcoins (currently valued around £84m) at the time of his arrest. Catalan newspaper El Periódico de Catalunyareported that the arrested man lived with his wife and son, drove two BMWs and had jewellery valued at €500,000 within the home. 

If you’ve ever seen any crime film or TV show ever, you’ll know flashing your cash isn’t a very good plan. Yet this mastermind had two BMWs and half a million euros’ of jewellery.

Europol also don’t give any information about how they actually tracked him down. I very much doubt the mules would have known anything about anyone near the top of Carbanak.

I guess we’ll find out in due time though. No doubt there’ll be a number of films made about it.

Or will there?

Why you’ve probably never heard about it

While you could say this is the biggest bank robbery of all time, and has affected multiple banking institutions in many different countries, it didn’t really get much press.

Not while it was all going on, not at the time of the mastermind’s arrest, and not much since.

In fact, it’s very hard to find out which banks were actually affected.

This is because cybercrime is very very bad business for banks. Banks rely on their customers trusting that they will keep their money safe.

If you knew your bank had lost millions of its customers’ money to hackers, how would you feel? Would you really trust it to keep your money safe?

No, the thing most banks and big businesses that get hacked do is keep it quiet. The banks will have simply reimbursed any accounts that were affected and kept shtum.

I have actually been following this story since the Kaspersky report back in 2015; actually come to think it, since before then. And it has never made major news.

Sure, it gets a bit of coverage on Wired – a tech website, and one or two articles in Forbes. But given the scale of what’s going on, shouldn’t it be front-page news all over the world?

We only really hear about these hacking stories when it affects customer’s records, so the institutions are forced to tell us. Otherwise, it’s all kept as quiet as possible.

But rest assured, groups like Carbanak are operating all over the world, 24 hours a day. It’s just we rarely hear about them.

This is just one reason cybersecurity is a world-leading investment opportunity

Which is why cybersecurity will be one of the biggest investment areas, going forward.

The amount of money on the line, for businesses in every industry, is phenomenal.

Having good cybersecurity is just as important as having a lock on your door. You could argue that it is even more so. As hackers can be stealing without the business even finding out for months, or even years.

This is why cybersecurity is what my colleague Eoin Treacy is showing his subscribers how to invest in. Make no mistake, there is a lot of money on the table here. And with every new hack, it’s only ever increasing.

If you want to find out the single best cybersecurity stock Sam believes you can invest in right now, you can take out a trial to his service, Frontier Tech Investor here.

This is an area that will be ever more important as time goes on. And we’ll be keeping you ahead of the game, as it continues to evolve.

Is cybersecurity an area that interests you, and if so, do you invest in it? Let me know in the comments below.

Until next time,

Harry Hamburg
Editor, Exponential Investor

Related Articles:

Category: Technology

From time to time we may tell you about regulated products issued by Southbank Investment Research Limited. With these products your capital is at risk. You can lose some or all of your investment, so never risk more than you can afford to lose. Seek independent advice if you are unsure of the suitability of any investment. Southbank Investment Research Limited is authorised and regulated by the Financial Conduct Authority. FCA No 706697. https://register.fca.org.uk/.

© 2017 Southbank Investment Research Ltd. Registered in England and Wales No 9539630. VAT No GB629 7287 94. Registered Office: 2nd Floor, Crowne House, 56-58 Southwark Street, London, SE1 1UN.

Privacy & cookie policy | Terms and conditions | FAQ | Contact Us | Top ↑