 |
|
A hacking
ring has stolen up to $1billion
according to Russian security company Kaspersky Lab (Photo: Daily Mail)
|
A hacking
ring has stolen up to US$1billion from banks around the world in what would be
one of the biggest banking breaches known, a Russian cybersecurity firm says in
a report.
Questions
were raised in late 2013 when an ATM in Kiev, Ukraine, began dispensing money
at random times, when no one had put in a card or touched a button, according to Daily Mail.
Security
cameras shows that money would be picked up by customers who appeared to be in
the right place at the right time.
But when
Kaspersky Lab was called in to investigate, it was revealed that the ATM was
part of a much-larger banking breach.
The
hackers have been active since at least the end of 2013 and infiltrated more than
100 banks in 30 countries, according to Russian security company Kaspersky Lab.
After
gaining access to banks' computers through phishing schemes and other methods,
they lurk for months to learn the banks' systems, taking screen shots and even
video of employees using their computers, the report says.
Once the
hackers become familiar with the banks' operations, they use that knowledge to
steal money without raising suspicions, programming ATMs to dispense money at
specific times or setting up fake accounts and transferring money into them,
according to Kaspersky.
 |
|
“The goal
was to mimic their activities,” said Sergey Golovanov of Kaspersky, about how
the thieves targeted bank employees. Credit Raphael Satter/Associated Press;
Image source: The New York Times
|
The report
is set to be presented on Monday at a security conference in Cancun, Mexico. It
was first reported by The New York
Times.
The
hackers seem to limit their theft to about US$10million before moving on to
another bank, part of the reason why the fraud was not detected earlier,
Kaspersky principal security researcher Vicente Diaz said in a telephone
interview with The Associated Press.
The
attacks are unusual because they target the banks themselves rather than
customers and their account information, Diaz said.
The goal
seems to be financial gain rather than espionage, he said.
'In this
case they are not interested in information. They're only interested in the
money,' he said. 'They're flexible and quite aggressive and use any tool they
find useful for doing whatever they want to do.'
Most of
the targets have been in Russia, the United States, Germany, China and Ukraine,
although the attackers may be expanding throughout Asia, the Middle East,
Africa and Europe, Kaspersky says.
In one
case, a bank lost US$7.3million through ATM fraud. In another case, a financial
institution lost US$10million by the attackers exploiting its online banking
platform.
Kaspersky
did not identify the banks and is still working with law-enforcement agencies
to investigate the attacks, which the company says are ongoing.
The
Financial Services Information Sharing and Analysis Center, a nonprofit that
alerts banks about hacking activity, said in a statement that its members
received a briefing about the report in January.
'We cannot
comment on individual actions our members have taken, but on balance we believe
our members are taking appropriate actions to prevent and detect these kinds of
attacks and minimize any effects on their customers,' the organization said in
a statement.
'The
report that Russian banks were the primary victims of these attacks may be a
significant change in targeting strategy by Russian-speaking cybercriminals.'
The White
House is putting an increasing focus on cybersecurity in the wake of numerous
data breaches of companies ranging from mass retailers like Target and Home
Depot to Sony Pictures Entertainment and health insurer Anthem.
The administration wants
Congress to replace the existing patchwork of state laws with a national
standard giving companies 30 days to notify consumers if their personal
information has been compromised.
No comments:
Post a Comment