Page 29 - Bloomberg Businessweek July 2018
THE HEIST ISSUE
GHOSTS IN THE AUTOMATED TELLER MACHINE
A global dragnet nabbed the alleged mastermind behind the biggest digital bank heist in history. That doesn’t mean it’s over
By Charlie Devereux, Franz Wild, and Edward Robinson
Illustration by Keith Rankin
As night fell in Taipei on July 10, 2016, most people in the city were hunkered down to ride out the end of a typhoon. Not Sergey Berezovsky and Vladimir Berkman. The two Russians made their way through the rain to an ATM at First Commercial Bank, one of Taiwan’s top lenders. Wearing hats and antipollution masks, they loitered at the machine for a moment. Then, as the astonished couple in line behind them later told the police, the ATM started disgorging cash without either man touching it. The men shoved the bills into a satchel and brushed past them. As the Russians drove off in a black sedan, the couple spotted something on the ground: One of the guys had dropped his bank card.

By the time detectives traced Berezovsky and Berkman to the nearby Grand Hyatt the next day, the Russians had already jetted off to Moscow by way of Hong Kong. And they were just two of 15 “money mules” who’d hit 41 ATMs at 22 branches of First Commercial over that stormy weekend, the cops learned, taking 83 million New Taiwan dollars (NT$), or about $2.6 million. Hackers, investigators discovered, had forced the machines to spit out cash. The Carbanak gang had struck again.

Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn’t created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it.

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union’s law enforcement agency. The string of thefts, collectively dubbed Carbanak—a mashup of a hacking program and the word “bank”—is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that’s become the stuff of legend in the digital underworld.

Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses. “Carbanak is the first time we saw such novel methods used to penetrate big financial institutions and their networks,” says James Chappell, co-founder and chief innovation officer of Digital Shadows Ltd., a London intelligence firm that works with the Bank of England and other lending institutions. “It’s the breadth of the attacks, that’s what’s truly different about this one.”
July 2, 2018