London police have charged a man believed to be a member of an eastern European ATM hacking gang that stole more than £1.5m from malware-infected bank cash machines in the UK in 2014.
The 30-year-old Ionut Emanual Leahu was charged with conspiracy to defraud after being arrested in Bacau, Romania by officers of the London Regional Fraud Team run by the City of London Police and the Metropolitan Police. In 2014, Grigore Paladi was sentenced to five years in jail for his role in the gang, and in 2015, Teofil Bortos was sentenced to seven years in jail.
Leahu appeared at the City of London Magistrates Court and was remanded in custody until the 28 October 2016, when he will appear at Inner London Crown Court. The gang targeted 51 cash machines in standalone public places across the UK over the 2014 May Bank Holiday weekend.
Each machine was physically broken into and infected with malware before large amounts of cash was withdrawn. The malware subsequently deleted itself, making it difficult to identify the cause of the attacks, but police said the physical nature of the infiltration meant customer data was not compromised.
Police are still seeking a third suspect for whom a European Arrest Warrant has been issued. Commenting on the latest arrest, London Regional Fraud Team head, detective inspector Matthew Mountford, said it demonstrated his team’s determination to track down the gang members.
“Operating across borders has its challenges, but overseas law enforcement have been extremely co-operative, especially in Romania. Working together we will continue to ensure that organised criminal gang members have nowhere to hide,” he said.
In January 2016, European police arrested eight cyber criminals who raided ATMs across the continent using Tyupkin malware. The malware enabled the gang of Romanian and Moldovan nationals to manipulate ATMs and empty cash cassettes.
An investigation by security firm Kaspersky Lab in 2014 found that the Tyupkin ATM malware was found mainly in Eastern Europe, but was also in use in the US, India and China. Speaking at IPExpo 2016 in London, Kaspersky Lab chief Eugene Kaspersky described ATMs as “computers with cash”.
“We are living in a dangerous world, where we can’t trust anything. Cyber is now just about everywhere, and it is vulnerable. Everything can be stolen and is open to compromise,” he said. According to Europol, there has been a major increase in ATM attacks using malicious software in the past few years.