Hackers have committed one of the largest bank robberies in history

CarderPlanet

At the end of 2013, an ATM in Kiev began to issue money at completely random moments. No one put cards in it or touched buttons. The cameras recorded that the money was taken by people who happened to be nearby at that moment. But when Kaspersky Lab was brought in to investigate, it found that the "crazy" device was the least of the bank's problems.

What really happened?
Malicious software was installed on the bank's computers, which employees used to make daily transfers and keep records, allowing cybercriminals to log every step. According to the investigation, the software was hidden there for months, sending videos and images that informed the criminal group — which included Russians, Chinese and Europeans — how the bank carried out its daily operations.

The attackers then pretended to be bank employees, not only activating cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States, and the Netherlands to fake accounts. In its report, Kaspersky Lab says that the scale of this attack on more than 100 banks and other financial institutions in 30 countries could make it one of the largest bank robberies in history, yet one devoid of the usual signs of a robbery.

Who was affected?
Kaspersky Lab says that due to non-disclosure agreements with the affected banks, it cannot name them. The US White House and the FBI have been notified of the discovery, but say it will take time to confirm the data and assess the losses.

The company says it has received evidence of $300 million worth of theft through its clients, and estimates that the total losses could be three times higher. But this estimate cannot be verified, because each transaction in the thefts was limited to $10 million (although some banks were hit repeatedly). In many cases, the amounts withdrawn were more modest, probably to go unnoticed. Most of the affected organizations are located in Russia, but many are also located in Japan, the United States, and Europe.

Chris Doggett, managing director of the North American office of Kaspersky Lab in Boston, said that the "Carbanak group", named after the malware used, shows an increase in the sophistication of cyber attacks on financial companies.

"This is probably the most sophisticated attack in history in terms of tactics and techniques used by cybercriminals to go undetected," he said.

The hackers were very patient: after placing tracking software on the computers of system administrators, they watched their actions for months. Evidence suggests that in this case, the hackers did not represent a country, but were a group of cybercriminals.

The criminals put a lot of effort into learning the specifics of each bank's system, while at the same time setting up accounts in banks in the United States and China to transfer money to. Two people briefed on the investigation say the accounts were created at J. P. Morgan Chase and Agricultural Bank of China. Neither bank responded to a request for comment.

How and how much?
When it came time to cash in on their actions (a period that, according to the investigation, varied from two to four months), the perpetrators used several routes. In some cases, they used online banking systems to transfer money to their accounts. In other cases, an ATM was ordered to dispense money where one of the accomplices was waiting.

But the largest amounts were stolen by hacking into bank accounting systems and manipulating balances. By posing as employees, the criminals artificially inflated the balance: for example, an account with $1,000 was altered so that it was displayed as an account with $10,000. Then $9,000 was withdrawn from the bank. The real owner of the account could not have suspected anything, and the bank needed time to figure out what had happened.

"We found that many banks only check their accounts once every 10 hours or so," Golovanov said. "So in between, you can change the numbers and withdraw money."

The hackers' success is impressive. According to Kaspersky Lab, one of its client companies lost $7.3 million through ATMs alone. In some cases, money was transferred via the SWIFT system used by banks for international transfers. It has long been the target of hackers, and for just as long it has been watched by the security services.