Hackers Steal $1bn from Banks
The targets make one wonder who the hackers really are…
By Sarah Green
A hacking ring has stolen up to $1bn (€876m) from banks around the world in one of the biggest banking breaches known, according to a cybersecurity firm.
The hackers have been active since at least the end of 2013 and infiltrated over 100 banks in 30 countries, according to Russian security company Kaspersky Lab.
After gaining access to banks’ computers through phishing schemes and other methods, they lurk for months to learn the banks’ systems, taking screenshots and video of employees using computers, the firm says.
Once the hackers become familiar with operations, they use that knowledge to steal money without raising suspicions, programming ATMs to dispense money at specific times or setting up fake accounts and transferring money into them.
The firm’s report is due to be presented today at a security conference in Cancun, Mexico. It was first reported by The New York Times.
The hackers seem to limit the theft to about $10m before moving on, part of the reason why the fraud was not detected earlier, Kaspersky principal security researcher Vicente Diaz said.
Most of the targets have been in Russia, the US, Germany, China, and Ukraine.
Among various means of getting into banks’ systems, perpetrators used fake emails from genuine financial institutions, including the Central Bank, with Microsoft Word attachments.
“If a victim who received the letter, a bank employee, had old software, then the system’s vulnerability allowed for the malware to infect the computer,” Lozhkin said.
After that, a number of sophisticated means would let the hackers first learn how that particular employee was working with the bank’s internal programs, then move from one computer to another and eventually gain full access to the bank’s entire system.
“They were then remotely making the banks transfer money to ATMs, so that certain people could then come up to those ATMs and pick the money. Someone was waiting by an ATM for the money to be spitted out [sic],” Lozhkin said.
Something went wrong with the scheme in Ukraine. No one would come for the cash that was suddenly coming out of an ATM. That was exactly when Kaspersky Lab was invited to look into the matter. That little clue eventually gave away the whole of the attack, which was first reported by the New York Times.
The names of the banks affected have not been disclosed. Lozhkin believes they are largely to blame for what happened.
“When it comes to cyber-infrastructure, then even the largest banks are not always careful enough to merely update the software their employees use,” he said. “Sometimes they just forget about it or don’t think [it’s] important and so the malware can use the system’s vulnerability to penetrate it. That’s the way we see it.”
Kaspersky Lab is continuing its investigation of the attack.