Digital bank robber, who let vending machines spit out, arrested

The man who presumably was behind a gigantic series of digital bank robberies has been arrested in Alicante, Spain.

The identity of the suspect has not been disclosed. The cyber criminals always proceeded in the same way: first they sent e-mails with infected attachments to bank employees. Those mails were supposedly from real companies. If an unsuspecting employee opened the attachment, the malicious software was installed. With that they could penetrate little by little into the important systems of banks.

The gang also got access to the servers with which cash machines are controlled. They could order a vending machine to 'spit out' money. An accomplice stood beside the machine to receive the money. The software could also ensure that more money appeared on a bank account, the balance was artificially inflated. They could withdraw and withdraw that money.

The gang started at the end of 2013 with a malware called Anunak. That was later improved. The new versions were called Carbanak and Cobalt. Among the affected countries are Belgium, Spain, Great Britain and Russia. The Netherlands remained, as far as is known, out of scope.