How criminals stole $1.2 billion and laundered it with cryptocurrency
The Cobalt mastermind has been caught, and we now know how they managed to steal and launder the money.
Over the course of four years, an innovative criminal gang managed to steal over 1 billion euro (around US$1.2 billion). Europol has now announced that the mastermind has been arrested in Alicante, Spain. With the apparent end of the gang, the pieces are falling into place, and it's been revealed how they managed to steal so much and get away with it for so long by laundering money through cryptocurrency and prepaid cards.
Getting the money
The gang used the same method for the entirety of its four-year stint, but constantly refined their tools to stay one step ahead of cybersecurity.
The plan would always start with phishing attacks. These are designed to trick people into installing malware on their computers or to steal personal information and are intended to garner results through sheer numbers and through casting as wide a net as possible.
But this gang used what Europol called a "spear phishing" technique. This is intended to target specific individuals in a quality over quantity approach. In this case, the thieves would impersonate legitimate companies and contact individual bank employees with emails that were loaded with malicious attachments.
When downloaded, these attachments would install the "Anunak" malware, giving the thieves control of the bank employee's computer and giving the criminals access to the internal banking network and the servers controlling the ATMs. As financial institutions detected and fought back against Anunak, the thieves upgraded the malware into the successively more advanced "Carbanak" and then "Cobalt" versions to stay one step ahead.
Once they had access to the bank networks, the money was grabbed in one of the following three ways:
- They would remotely order ATMs to dispense cash at a predetermined time and have someone there to collect the money as it rolled out of the machine.
- They would electronically transfer funds to accounts they controlled.
- They would modify databases to inflate certain bank account balances then send money mules around to withdraw the money.
At its peak, the gang was pulling in up to 10 million euros per heist.
Laundering the money
The money was then laundered in the following ways:
- The money was used to buy prepaid debit cards.
- The cards were then used to buy cryptocurrencies.
- The cryptocurrencies were then used to buy luxury goods, cars and homes directly.
This three-step process was necessary to actually spend large amounts of money without leaving a trail. You can't buy a house or car with a briefcase full of prepaid cards, but if you know where to go, it can be much easier to buy big-ticket items with cryptocurrency. In fact, some importers of luxury goods will specifically request payment in bitcoin or other cryptocurrencies.
The influx of newly wealthy crypto speculators has led many sellers to accept cryptocurrency payments, and cryptocurrency has found an especially lucrative grey market niche in real estate where properties can be more quickly flipped (and some taxes more easily dodged) by buying with crypto and keeping the bank and paperwork out of it.
The prepaid cards were needed to serve as the go-between for fiat money and cryptocurrency. This would most likely have been a painstaking and inefficient process, in which money mules were sent all around Europe to buy up as many prepaid cards as they could at shops all around the continent.
The reason they went to all this trouble was to keep their money safe. Legitimate high-volume fiat-to-crypto exchanges tend to operate to an extremely high legal standard. In many cases, they'll even verify and check their customers more thoroughly than large banks. Meanwhile, low-liquidity exchanges don't let them convert money fast or cost-effectively enough and risk attracting a lot of attention. The dodgier exchanges are an unreliable option for criminals and honest citizens alike.
As such, they couldn't really convert fiat currency directly into cryptocurrency, especially not in large amounts, without leaving a lot of unwanted tracks.
With that off the table, the gang might have been left buying with prepaid cards from cryptocurrency brokers. These brokers act as intermediaries and are themselves often legitimately registered and verified on mainstream exchanges. They buy and sell crypto on demand for customers whom don't want to use the actual exchanges. Prepaid cards were used to remove the paper trail between the brokers and the crooks. Even with the advent of cryptocurrency, prepaid cards are the number one choice for everyday criminals who want to move money anonymously.
"This global operation is a significant success for international police cooperation against a top level cybercriminal organisation," said Steven Wilson, head of Europol's European Cybercrime Centre. "The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity. This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cyber criminality."
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, BTC and NANO.