It looks like a few Russian hackers have just pulled off the biggest bank heist ever.
The numbers are shocking: hundreds of millions of dollars were stolen
from 100 banks in 30 countries. The exact amount is unknown at this
point. On top of that, the banks could lose possibly hundreds of
millions more in related costs. And it all went mostly unnoticed until
sometime last year.
On Monday, Russian cybersecurity firm
Kaspersky released its report painting a startling picture of a
worldwide operation that infiltrated major banks and turned ATMs into
cash-spewing zombies.
What did they hit?
These hackers mostly attacked banks in Russia, but they also went after
financial institutions in the United States, Germany, China and
Ukraine, according to Kaspersky. The company declined to name specific
banks, citing ongoing client relationships.
Kaspersky managing
director Christopher Doggett said researchers managed to discover as
much as they did by hacking into the hackers' computer servers.
"All of the cybercrime we've seen up until this point has been to a different level," he said.
What did they get?
Hackers managed to steal the money in all sorts of creative ways, Doggett said. They managed to take $7.3 million by reprogramming a single bank's ATMs. Another bank lost $10 million from its hacked online platform alone.
Then there's sensitive consumer data. The hackers were also deep enough
in the computer systems at banks to gain information about their
customers. For instance, hackers had full access to all email accounts
at several Russian banks, according to Kaspersky.
Hackers also
managed to obtain the secret keys that ATMs use to make sure your PIN is
valid, Kaspersky said. It's unclear what they could do with such
information.
How did they do it?
Hackers used botnets -- fleets of spam-spewing slave computers -- to send out wave after wave of malware-laced emails.
Bank employees who opened them inadvertently let hackers sneak into computers. The criminals eventually gained complete control of the systems using employee credentials.
With that authority, hackers opened accounts in different places and
moved money around at will. Kaspersky notes that, in some cases, they
used the interbank network SWIFT (Society for Worldwide Interbank
Financial Telecommunication) to quickly shift funds from one place to
another.
By having full access to email exchanges, hackers also
became intimately familiar with banks' anti-fraud measures. They also
learned how to avoid setting off alarms.
For example, they
limited theft at any single bank to $10 million to avoid triggering a
full-blown analysis, Kaspersky's report said.
Then there's this
painful realization: One bank could have avoided getting hacked in a
particular way if its employees had just applied the usual Microsoft
update, Doggett said.
Who is behind this?
Kaspersky researchers traced this attack back to hackers in Russia,
China and several spots in Eastern Europe, Doggett said. The report
described them as criminals -- not a nation state -- and noted that they
mainly targeted Russian-speaking banks with malware-laced emails in
Russian.
But one Dutch Internet security firm, Fox IT, claims
this attack bears all the hallmarks of a small group of Russian hackers
that attacked Russian banks in a similar fashion last year. They used
the same malware to break into bank computers, reprogram ATMs and hack
into the payment systems at a dozen American retailers.
But Kaspersky said it's too early to tell if both hacking groups are the same.