The National Judicial Board of Spain has sentenced Russian hacker Denis Tokarenko to four years and six months in prison. This is stated in the court's decision, distributed on Friday.
According to the decision, the convict "created a malicious program with which he infected the computers of banking institutions in different countries of the world from his home in Alicante, which allowed him to remotely control ATMs in order to extract money and thus receive almost €5 million."
The court clarified that Denis Tokarenko received three years in prison for computer fraud, another six months for participating in the activities of a criminal group, falsifying official documents and money laundering. In addition, the convict was fined €6 million. His girlfriend, Yulia Glushenkova, a citizen of Ukraine, received six months in prison and a 300 thousand euro fine for money laundering.
As the judicial board explained, the trial began after notification from the Belgian authorities about the existence of a criminal organization that engaged in fraud in different countries. Investigators found that members of the group sent emails to bank employees, posing as companies with which the institutions worked. After a bank employee opened the email, the malware infected the bank's computer system, which allowed fraudsters to "manage bank accounts and ATMs remotely."
The court added that Tokarenko was able to infect the Bank of Taiwan with the program in 2016. Members of the group withdrew cash from ATMs of the institution in the amount of more than $2.6 million. However, Taiwan's law enforcement agencies managed to arrest two people and recover almost all the funds. According to investigators, Tokarenko is also involved in similar fraud against banks in Azerbaijan, Belarus, Kazakhstan and Romania.
The decision of the judicial board of Spain specifies that Tokarenko acted from Spain and had three accomplices who were located outside the kingdom. The scammers divided the received funds among themselves, and part of the money was also used to pay for the work of third parties.
+++
Katana from Alicante. How to solve the biggest digital heist in history
From the outside, it may seem that "Russian hackers" is about politics, and not about money. In fact, everything is different. Only one Russian hacker group has learned how to break into banking systems so that it can withdraw $12 million a day from banks. Since 2013, the criminals have attacked more than 100 banks in 40 countries, including the USA, Russia, Germany and Ukraine. In total, during their existence, they stole $1.2 billion — and this is the "largest digital robbery" in history. We tell you how the search for the "Russian hackers" went, and why even after the gang leader was detained, crimes continue.
How Carbanak worked
These hackers just wanted money, and as much as possible, writes Bloomberg Businessweek. The alleged leader of Carbanak, Denis Tokarenko, moved from Russia to Alicante in Spain in 2015 and changed his last name to Catana. In March, he was arrested by the Spanish police, but it seems that it was too late: Carbanak had by then spawned many improved clones, including one with a widely known name — the Cobalt group created by Tokarenko himself. Only at the end of May, cybersecurity experts warned about new attacks by Cobalt hackers on banks in Russia and the CIS.
Carbanak became known in 2013-2014, when the heads of one of the Ukrainian banks contacted Kaspersky Lab, saying that money had begun to disappear from their accounts. The bank's cameras recorded people withdrawing money from ATMs without inserting cards or entering a PIN code. At first, the Lab thought they were just ordinary thieves hacking into specific ATMs, but what they found turned out to be a completely different phenomenon, recalls David Emm, the company's chief cybersecurity researcher.
It all started with sending phishing emails disguised as official emails to employees of the victim bank. As a rule, a Microsoft Word document was attached to the emails, and when it was opened, malicious code was downloaded to the computer, which spread through the internal banking network, infected ATM servers and controllers, and transmitted information to the hackers' third-party servers. Moreover, the criminals took control of the web cameras of the banks' corporate computers, took screenshots and recorded keystrokes.
Hacking one bank took 2-4 months — hackers were looking for employees with the authority to manage cash flows between accounts, different lenders and ATMs. They also found out how and at what point the bank redirected money. All this was necessary so as not to attract the attention of security personnel later. At the right moment, the criminals used the verification codes of bank employees to conduct transactions that looked completely legal.
Thus, money was withdrawn from ATMs without inserting a card or entering a PIN code and was then taken away by accomplices, the "money mules". "Carbanak was the first person we saw to use such innovative methods to break into the networks of large financial institutions," says James Chappell, co-founder of Digital Shadows, which advises major European banks on cybersecurity issues.
Global investigation
Bloomberg spoke with the police and cybersecurity experts who handled the case, and explains how the perpetrators were eventually tracked down.
By the fall of 2014, the European authorities realized that in the case of these attacks, they were dealing with something very powerful and completely new. The head of the European Banking Federation's cybersecurity group, Keith Gross, called an urgent meeting with experts from Citigroup, Deutsche Bank and other major European banking organizations. Experts from Kaspersky Lab told the audience about what they found out in Ukraine. "I've never seen something like this before. This is a well-organized virus attack, very complex and global," recalls Trols Orting, who at that time was head of the cybersecurity department of the European Police. Europol also began to act globally — the law enforcement agencies of Moldova, Belarus, Romania, Spain, Taiwan and, of course, the United States were brought in.
Investigators created a special information exchange center where they could compare data and find links between thefts, recalls Fernando Ruiz, who is now responsible for cybersecurity at Europol. The center's work was based on a laboratory where specialists examined malware code samples obtained after the Carbanak attacks. By identifying individual characteristics of the code, detectives could track where the software came from and who used it. The investigation led them to Tokarenko's apartment in Alicante, and the Spanish police began to monitor him.