Cyber crooks in Russia pulled off a big bank heist the new-fashioned way — by computer.

Not Oceans 12, but Oceans 50: dozens of sketchy programmers working from home to steal millions from banks in Russia. 

But it’s not just a Russia thing. 

Criminals all over the world will try this same kind of attack on your bank — and your money.

Archer News Network’s Kerry Tomlinson takes us to Russia for a look at how things went down.

Watch video here:


Archer News Network takes you to Ekaterinburg, Russia, for a look at one of cyber crime’s notorious bank theft gangs.


Crooks don’t need smoke grenades and guns to rob banks.

Now they can use computers. 

And one of the leaders of the pack was the Lurk gang, with masterminds in Ekaterinburg, Russia.

Ekaterinburg was founded three hundred years ago and named for Catherine the Great.

Once a center for metalwork and mining, now some use digital skills to build their riches in a nefarious way — shaking down Russian banks from behind a computer screen.

The Lurk gang stole millions of rubles, adding up to more than 25 million dollars, according to the Federal Security Service of Russia, or FSB.


Ekaterinburg, Russia. Image credit: Archer News


“The people who were involved were very skilled,” said Cameron Camp with cybersecurity company ESET.

Skilled, with novel ideas and bravado, he told Archer News.

“It was no trivial task what they did, the way they evaded detection, the way they evaded analysis,” Camp said.

First, they put out job ads for gigs like software developer, according to cybersecurity company Kaspersky Lab, which says it helped law enforcement investigate the crimes.

Lurk personnel could work from home, each building a part of a digital machine designed to strip banks bare over the Internet.


Home in Ekaterinburg, Russia. Image credit: Archer News


The masterminds could segment tasks so that no one person knows everything — except the masterminds, according to Camp.

“They have one person whose only job is to break down the door, you have one person whose only job it is to go in there and capture a laptop and take a hard drive,” Camp explained.

“If all your job in the chain is to take the bag and deliver it to the street corner, you don’t know anything else, and that’s by design,” he said.

They poisoned web sites with malware, like magazine sites for accountants and other spots, Kaspersky researchers reported.

The sophisticated malware would search your computer for banking programs.

If it found the right program, it could wait for you to sign on, put up a new screen over the real one and change the data in your account undercover.

You might think you were sending $100 to your grandmother, for example.

But the malware could secretly send $1,000 to a gang account instead, all the while showing you the $100 transaction.

They could even trick you into asking for another text code from your bank to seal the deal.

Then it was time to collect.

The gang sent out “mules” to pick up the money from ATMs, not just in Ekaterinburg, but all over the country.


ATM receipt in Ekaterinburg, Russia. Image credit: Archer News


But the Lurk gang was playing a risky game.

Many cyber crooks target other countries, far from their local law enforcement.

Lurk attacked banks in its own country, Russia.

And according to the Russian government, Lurk got caught.

Agents raided dozens of homes and businesses, arresting 50 people around the country in May 2016, the FSB reported

In the Ekaterinburg area, three alleged masterminds went down along with 11 other cohorts, said Russian publication Komsomolskaya Pravda.

Law enforcement reported finding luxury cars, jewelry, cash and guns.

In January 2017, they arrested nine more people.


Russian law enforcement arrested 59 people in connection with the Lurk attacks in 2016 & 2017. Image credit: MVD & FSB


A Russian person attacking another country may be out of reach, Camp said.

“Not so if you’re a Russian person in Russia, and as we saw, the goons show up and doom reigns on you,” Camp said.

The danger to people’s money isn’t over.

“They always keep going. The thing is, the genie is out of the bottle,” said Robert Knapp, CEO of Cyber Ghost, based in Romania.

New attackers can take the Lurk malware and improve upon it, Knapp told Archer News, especially with the immense cyber talent in Russia and Eastern Europe.

“It’s incredible and the level is amazing,” he said.


Weapons shown in Lurk gang arrest video. Image credit: MVD & FSB


Experts have predicted cyber crooks using this kind of malware will now expand their geography, moving beyond the limits of their country, choosing victims around the world. 

“I think if we put one generation of these guys in jail,” Knapp said, “then I think the next generation is already waiting for its chance.”

“We are not getting out of it. In one way or another, we have to tackle it,” he said.


Main image: ATM in Russia. Image credit: Archer News

Music video shown in video story: