US and UK bust one of the worst cyber banking hacks in a decade, charging Russians in multi-million dollar scheme

Ben Riley-Smith
Maksim Yakubets, who led the cyber crime group and now has a $5m bounty on his head

 

The group of Russian hackers allegedly behind one of the worst cyber bank frauds of the last decade was unmasked on Thursday, with its leader indicted in America and the full scale of purported crimes revealed in remarkable detail.

The Moscow-based unit was identified as Evil Corp and dubbed “the world’s most harmful cyber crime group” as British and American officials revealed the results of an investigation into the group and its activities that has lasted a decade.

Maksim Yakubets, 32, was accused of being the group’s leader and was indicted over two separate hacking schemes. A $5 million reward was announced by the US State Department for any information that leads to his arrest.

Customers of nearly 300 organisations in 43 different countries have been targeted by the group, with financial losses in the UK alone assessed to be worth hundreds of millions of pounds.

Evil Corp was accused of ruthlessly exploiting online vulnerabilities, tricking people into clicking on internet links that would install viruses, scanning for bank account details and then creating wire transfers to “money mules” working with the hackers.

 

 

Victims ranged from small businesses and schools to individuals saving for retirement and even religious groups, including some Franciscan sisters in America who lost tens of thousands of dollars. 

The US Treasury announced sanctions against 17 individuals linked to Evil Corp, including Yakubets, the baby-faced Russian alleged to have hidden behind the moniker ‘Aqua’ online whose image is now on “wanted by the FBI” posters. Seven entities were also sanctioned.

Yakubets was accused by the US Treasury of working with the Russian spying agency FSB in 2017, including "acquiring confidential documents through cyber-enabled means" for the Russian state. He was also said to have been trying to get a license to work on classified material with the FSB last year.

The claim raises questions about whether the Kremlin is turning a blind eye to notorious computer hackers in its capital, or even leaning on their expertise to support Russia’s nefarious online activities.

 

The hackers stole millions of dollars, officials say Credit: Samuel Corum /Getty

 

The group’s willingness to boast about the proceeds of their alleged criminality online, acting like “extravagant millionaires” according to one senior UK investigator, was said to have helped result in their unmasking.

Videos released by the UK’s National Crime Agency [NCA] featured alleged members of Evil Corp showing off their sports cars and holding up traffic in Moscow as they pulled doughnuts in the middle of the street.

Other videos purported to show the hackers petting the group’s lion cub and mucking about on Segways.

According to UK officials, Yakubets has a customized Lamborghini supercar with a personalised number plate that translates to ‘Thief’ and spent a quarter of a million pounds on his wedding.

The announcements were the work of a painstaking investigation from officials at America’s Justice Department, FBI, State Department and Treasury as well as Britons at the NCA and Metropolitan Police.

Evil Corp group member Dmitriy Smirnov standing on his Nissan GTR and a Chevrolet Camaro, according to the UK's National Crime Agency Credit: SOURCE: NCA

As well as Yakubets, a second alleged Russian hacker, the 38-year-old Igor Turashev, was indicted for his role in one of the computer hacking schemes.

Both men are believed to be residing in Russia, meaning they could escape arrest and a trial should they never leave the country.

However, US officials insisted it was still worth pursuing them, with one senior FBI official saying: “We have a very long memory and we will never give up.”

The two US indictments involved two different types of malware, with the alleged crimes likened to “a cyber-enabled bank robbery” by one US official.

A photograph from the wedding of Maksim Yakubets in 2017, according to the UK's National Crime Agency Credit: Source: NCA

The US administration announcement accused Yakubets of being behind “two of the worst computer hacking and bank fraud schemes of the past decade”.

Lynne Owens, the NCA director general, said of Evil Corp: “We are unlikely to ever know the full cost, but the impact on the UK alone is assessed to run into the hundreds of millions.”

The response of Yakubets and Turashev to the charges is not known, nor is the response of the other individuals sanctioned by the US Treasury for their links to Evil Corp.

One US official said the Russian government had responded to a request for mutual legal assistance which was “helpful” in the investigation, but only “to a point”.

The Victims

The list of victims from Evil Corp’s alleged criminality is extensive, with scores of different businesses and groups losing out thanks to its cyber-hacking schemes.

Everything from a genetics lab in California and a public high school in Pennsylvania to a bank in Nebraska and a dairy company in Ohio was targeted, according to court documents.

There was even a group of Franciscan sisters near the outskirts of Chicago who were left $24,141 out of pocket after one member opened an email which appeared to be from her bank.

Audi R8 belonging to an Evil Corp group member, according to the UK's National Crime Agency Credit:  SOURCE: NCA

And that is America alone. Some 300 companies in 43 different countries were said to have been targeted by the Russian hackers, with thousands of victims.

Even that, one senior UK official said, was a “low estimate”. Victims in Britain were not named on Thursday, but it is understood almost every significant UK financial institution has been targeted at one stage.

Some may be reluctant to report hacks for fear of what would happen to their stock value.

One US official said that every dollar stolen amounted to a dollar less for retirement, or a dollar less for the high school sports team, or for business innovation.

"This is why we go to the ends of the world to investigate and prosecute cyber criminals," the official added. 

How they did it

Evil Corp hackers would relentlessly prey on online vulnerabilities through sophisticated schemes that would morph once detected, according to UK and US officials.

‘Phishing’ emails were sent to thousands of people, sometimes pretending to be genuine messages from banks, in the hope someone would accidentally click the website link included.

Once that happened, malware would be installed which would then search the compromised computer systems for bank account details and passwords that could be exploited.

Wire transfers would then be set up from the victim's bank account to people dubbed “money mules” who were working with the hackers and would distribute the stolen funds.

Evil Corp group member Andrey Plotnitskiy standing in front of a Porsche, according to the UK's National Crime Agency Credit: SOURCE: NCA

The Evil Corp hackers allegedly made little attempt to hide their ill-gotten gains, spending them on luxury sports cars in which they would screech round Moscow.

Asked how people could protect themselves from the group’s members – who remain at large – one US official gave some advice.

He suggested changing passwords to make them hard to predict and using two-factor authentication for logging into electronic devices.

The official also warned people against clicking on links which they are not certain are authentic, saying: “Before you click, think hard.”