The Romanian authorities suspect that these hackers could have hacked the banks to clone the payment cards which were then used in various ATMs across the world to steal more than $15 million.
As per the Romanian authorities, it seems the cyber gang were well coordinated and they properly chalked out the withdrawals in batches over a shorter intervals and also it was planned out on ‘non business’ days of the financial institutions (banks).
For example: On February 20th 2013, $9 million/ €8.3 million was withdrawn from the ATMs across Japan by these criminals. Similarly, on December 2nd 2013, the gang hit almost 4,200 transactions that totaled to $ 5 million / €4.6 million in cash from ATMs across 15 Romanian cities. This clearly indicates that within a year the gang made almost 34,000 ATM transactions in 24 countries.
The DIICOT further added that the gang also were able to carry out their fraudulent withdrawals in US, UK, Germany, Italy, Spain, Netherlands, Canada, Colombia, Dominican Republic, Mexico, Indonesia, Egypt, Malaysia, Russia, Sri Lanka, Thailand, Ukraine, the United Arab Emirates, Pakistan, and Latvia.
On Sunday, the Romanian authorities carried out the execution in six cities that included 42 house searches. Police have seized 16 laptops, smartphones which were used for the heinous activity by the gang members. Further, the authorities also seized 2 kg / 4.4 lbs of gold bars, €150,000 / $163,000 in cash and paintings. It seems the money acquired from the heist was also invested into real estate and other valuable goods by the group leaders, for now these all have been placed under restrictions till further investigations, as told by DIICOT.
Also this is not a first cyber heist, a similar scenario was seen when a gang known as Carbanak was successful in stealing $ 1 billion from various banks and other financial institutions across 25 countries. The researchers at Kaspersky Lab, in February, reported the actual technique that was used by the criminals. As per the report, the criminals used spear phishing method wherein they targeted the victim’s network by sending emails with malicious attachments. With this malware the criminals infected the computers systems of the bank and financial institutions and carefully learnt the internal procedures with which they were able to jump the network until they reached their point of interest which is to extract the money using the infected entity. Since every bank would follow different methods, the infected computer were used to record videos and these shots were sent to the servers of the attackers to learn the commands that is used for withdrawal of money, thus the criminals were successful in their heists.
As per the report from security researchers the general trend seen among organized cybercrooks is to target the banks and large financial institutions instead of the customers to hit bigger heists.