Authorities spent three years collecting evidence

Jun 2, 2015 13:25 GMT  ·  By

Recently arrested twins from Russia had set up an operation that would rely on social engineering to extract from victims the temporary passwords that allowed them to make fraudulent online banking transfers.

Catching the brothers red-handed involved the Information Security Center of the Russian FSB, the Investigative Department of the Russian Ministry of Internal Affairs, the security department of Sberbank, and assistance from the security company Group-IB.

OTP codes obtained by simply asking for them

The brothers lived in Saint Petersburg and led a cybercriminal group that would compromise Russian computers with malware designed to steal online banking passwords.

However, even with access to the victim’s bank account, the crooks needed to bypass the one-time password (OTP) security mechanism implemented by the financial institution to protect its clients against fraudulent transactions.

The codes are temporary and can be generated by a physical device or sent by the bank to the mobile phone of the client via the short messaging service (SMS).

To obtain the ephemeral passwords, the twins resorted to cold-calling the victims and introducing themselves as bank employees. Under this guise, they would ask the victim to read out the SMS authorization code, which gave them the access they needed to empty the accounts.

Fraudsters were prepared for police raid, but still had no time to react

According to a post from Group-IB on Tuesday, the brothers were on probation for similar deeds when they resumed the activity, and although their involvement in illegal activities was known, no evidence could be gathered that would lead to their arrest.

“The process of evidence collection took three years,” Group-IB said, adding that the operation ended on May 20, when police took them into custody along with their accomplices.

When law enforcement came busting in, the twins attempted to destroy evidence by flushing money, USB flash drives and mobile phones down the drain.

“During the search in the twins’ flat, it became clear that the criminals were well prepared for the appearance of law enforcement: the apartment had an armored door, electromagnetic transducer to destroy computer equipment, the brothers also prepared special SMS alerts to secretly tell other members of the group to destroy evidence,” the security company says.

[Photo: Police busted through armored door]

[Photo: Fraudsters tried to flush money down the drain]