Law enforcement authorities from Europe and Asia have arrested five members of an international cybercriminal group that specialized in hacking into automated teller machine (ATMs).
The investigation began in early 2016, according to Europol. Three suspects were arrested in Taiwan, one in Romania, and one in Belarus. Most of them had multiple citizenships and could travel easily between countries, the agency said Friday.
Hacking into ATMs to steal money is nothing new, and there are malware programs built specifically for such machines that allow criminals to withdraw money using hidden commands.
To infect ATMs with such malware most attackers either receive help from bank insiders or buy service keys that can be used to open the front panels of ATMs and access their communications ports.
However, the gang targeted by this law enforcement investigation had a different modus operandi. They used spear-phishing to target bank employees and penetrate the banks’ internal networks. They then located and hacked into the ATM network segment from the inside.
Targeting and compromising financial institutions instead of their customers is a more recent technique. A year ago, researchers from antivirus vendor Kaspersky Lab warned about three cybercriminal groups that hacked into banks’ computer networks.
Some of them can wait for months or even a year inside a compromised network before they start stealing money, during which they carefully observe and gather information about the target’s internal procedures, money moving processes, and key employees.
One such gang dubbed Carbanak stole between US$500 million and $1 billion from hundreds of financial institutions in at least 30 countries.
Compared to Carbanak, the losses to banks caused by the five arrested suspects are estimated at around $3.2 million. Two of them have already been convicted, Europol said. It’s unclear when all of the arrests happened.