Wednesday, February 18, 2015

The largest bank robbery ever: up to $900M possibly stolen, and no need for a getaway car

The largest bank robbery ever: up to $900M possibly stolen, and no need for a getaway car

Yahoo News | February 16, 2014

Following a well planned operation, that involved months of spying through the use of sophisticated software, unknown hackers originating from Russia, China and Europe managed to steal at least $300 million from a large number of banks — which are now aware of the hack but chose not to disclose these losses.

The attacks appear to be continuing, the publication says, but the attacks may have went on for a couple of years before anyone noticed.

Kaspersky Labs says that more than 100 banks and financial institutions might have been hit in this elaborate scheme that involved no guns or getaway cars. This might be the largest bank thefts ever, and one that could have netted hackers up to $900 million, though traces for only a third of that amount have been discovered.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Kaspersky North America’s managing director Chris Doggett said.

Hackers used “regular” techniques to get in a bank — targeting employees with malware emails set up to look as if coming from their colleagues and hoping they’ll click and install malicious programs contained in seemingly safe attachments — and then, instead of going for a quick hit, they got into the banks internal network, studying the habits of other employees with help of advanced software. The attackers looked for employees responsible for bank transfers or ATM remote control.

They were able to capture video and screenshots of an employee’s computer, and then mimic their activities to transfer money to accounts they controlled, without alerting the bank that anything unusual is going on.

One of the techniques used to steal money was manipulating account balances to show more money than they actually had. An account with $1,000 in it would be altered to show $10,000, so that hackers could transfer $9,000 out of the bank without anyone noticing anything.

Labels: