After an investigation initiated by the security service of Sberbank, Russia’s national savings bank, the activities of an organized criminal group of hackers that specialize in stealing money from the bank accounts of companies have been suppressed.
This was achieved thanks to joint efforts by the Bureau of Special Technical Measures (BSTM) and the Russian FSB Information Security Center, in collaboration with the Main Investigations Directorate of the Moscow Head Department of the Russian Ministry of Internal Affairs, and with assistance from Group-IB.
The operation to arrest the members of Carberp gang – the creator of one of the world’s largest botnets used to compromise remote banking systems – was carried out on March 14, 2012. A court in Lublin convicted the criminals in April 7, 2014 and sentenced them to 5 and 8 years’ imprisonment.
This precedent created for hackers is an unambiguous signal that online theft is no more a means for easy and safe “earnings” because today it is possible not only to identify the criminals but also to collect sufficient evidence for sentencing.
The convicted hackers organized the largest criminal group that engaged in stealing funds from corporate bank accounts. This gang existed for two years. In the last three months alone, someone was able to steal about 130 million rubles. A malware was used to commit the theft. This malicious program secures direct remote access to an infected computer. After the criminal has gained remote access, he waited for the token with a digital signature key to be connected, after which he was able to make a payment from a customer’s account. In some cases, the program was able to automatically make payments without providing remote access.
“During investigations launched by Group-IB, data were recovered, correspondence and protected information storages seized by law enforcement officers from the hackers were deciphered. Almost a complete chronology of the activities of the criminals behind the computer was rebuilt to search for evidence of their involvement in the crime. The results of eleven expert examinations and two investigations conducted by our company were unconditionally accepted by the court and they helped in proving the guilt of the suspects. For our own part, we are ready to channel all our resources and capabilities towards preventing and investigating cybercrime and fraud, of course, using the most advanced technologies”, Ilya Sachkov disclosed.
Let’s recall that the investigations carried out in 2012, as well as monitoring over the activities of cybercriminals enabled Group-IB experts to identify 12 organized criminal groups operating in Russia – 8 of them specialize in Internet banking theft from corporate bank accounts, while the other four carry out similar criminal activities but against individuals. According to a report by the Bank of Russia, in the second half of 2012 alone, banks recorded 7870 incidents of which 43.1% related to illegal transfer of funds through internet banking. Thus, according to statistics from the Bank of Russia, about 28 thefts on average are committed every day. Considering that the average amount of money stolen from companies and individuals stands at 1,641,000 rubles and 75,000 rubles respectively (according to Group-IB), $445.81 million was stolen in Russia and CIS countries alone in 2012.
It should also be noted that since 2012, the cybercrime market decreased by 6% in 2012. The main reason for such decline in the number of thefts is of course elimination of the most active criminal groups by law enforcement officers with direct participation and use of Group-IB’s unique technologies.
