In one of the more remarkable cybercrime busts in recent memory, twin brothers have been arrested in St Petersburg, Russia, as part of a police operation looking into fraud affecting state-owned Sberbank, the nation’s biggest financial institution, and other major national banks.
The brothers, who made as much as 12 million rubles ($225,000) in less than two years, were already on probation for previous fraud-related crimes and knew they might have trouble from local law enforcement if caught again, said Russian cyber intelligence firm Group-IB, which helped with the investigation. Hence the purchase of an armored door for their apartment and an electromagnetic transducer to make data on their computer equipment inaccessible, according to Group-IB. It’s believed they were already committing identity fraud during the trial for their original crimes, though at the time it was impossible to prove they were guilty, a process that took three years of collecting evidence working alongside the FSB and the Investigative Department of the Russian Ministry of Internal Affairs, the firm said.
According to the intel provider, which alerted FORBES to the events of 20 May today, the hackers had also set up SMS alerts to tell other members of the group to destroy evidence and when the police arrived, breaking down the armored door, the twins tried to destroy all the evidence and flush their cash down the drain, along with thumb drives and mobile phones. But their efforts were to no avail, said Group-IB, which worked with police to collect and analyse evidence from the apartment.
Their alleged criminal operation was multifaceted. First, visitors to compromised websites were infected with banking Trojans controlled by the brothers. When an infected user attempted to visit their bank site, the malware would display a fake page to gather their username and password, as well as a phone number. Though that allowed the hackers into the online account, they needed to find a way to collect the one-time SMS codes sent to the victim’s phone, which are required to authorise transfers.
This is where social engineering, fuelled by the information already gleaned from the hacked account, came into play. They called their targets pretending to be a bank employee, either convincing them to cough up the code over the phone or directing them to another fake site where they would type in the authorisation number, which was then sent back to the hackers. Then it was game over, their accounts emptied.
Between 2013 and 2015 the criminals gained access to more than 7,000 customer accounts in Russian banks, noted a statement from the Russian Ministry of Internal Affairs released this morning. The average amount of theft per account was about 70,000 rubles ($1,320), the biggest 1 million rubles ($19,000). In some months they earned as much as 1.5 million rubles ($28,300).
A number of associates were detained together with the group leaders, Group-IB said. The names of the Russian siblings and their alleged crooked colleagues have not yet been revealed.
This isn’t the first notable case of twins working together for criminal purposes. In 1998, Chinese brothers Hao Jinglong and Hao Jingwen were sentenced to death for breaking into a bank’s computer network and stealing 720,000 yuan ($87,000), small fry in today’s world of million-dollar digital heists.