Hackers steal up to $1b from banks

Lesotho Times - International

NEW YORK — A hacking ring has stolen up to $1 billion (M10 billion) from banks around the world in what would be one of the biggest banking breaches known, a cybersecurity firm says in a report scheduled to be delivered Monday.

The hackers have been active since at least the end of 2013 and infiltrated more than 100 banks in 30 countries, according to Russian security company Kaspersky Lab.

After gaining access to banks’ computers through phishing schemes and other methods, they lurk for months to learn the banks’ systems, taking screen shots and even video of employees using their computers, the company says.

Once the hackers become familiar with the banks’ operations, they use that knowledge to steal money without raising suspicions, programming ATMs to dispense money at specific times or setting up fake accounts and transferring money into them, according to Kaspersky.

The report is set to be presented Monday at a security conference in Cancun, Mexico. It was first reported by The New York Times.

The hackers seem to limit their theft to about $10 million before moving on to another bank, part of the reason why the fraud was not detected earlier, Kaspersky principal security researcher Vicente Diaz said in a telephone interview with The Associated Press.

The attacks are unusual because they target the banks themselves rather than customers and their account information, Mr Diaz said.

The goal seems to be financial gain rather than espionage, he said.

“In this case they are not interested in information. They’re only interested in the money,” he said.

“They’re flexible and quite aggressive and use any tool they find useful for doing whatever they want to do.”

Most of the targets have been in Russia, the US, Germany, China and Ukraine, although the attackers may be expanding throughout Asia, the Middle East, Africa and Europe, Kaspersky says.

In one case, a bank lost $7.3 million through ATM fraud. In another case, a financial institution lost $10 million when the attackers exploited its online banking platform.

Kaspersky did not identify the banks and is still working with law-enforcement agencies to investigate the attacks, which the company says are ongoing.

The Financial Services Information Sharing and Analysis Center, a nonprofit that alerts banks about hacking activity, said in a statement that its members received a briefing about the report in January.

“We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimize any effects on their customers,” the organization said in a statement.

“The report that Russian banks were the primary victims of these attacks may be a significant change in targeting strategy by Russian-speaking cybercriminals.”

The White House is putting an increasing focus on cybersecurity in the wake of numerous data breaches of companies ranging from mass retailers like Target and Home Depot to Sony Pictures Entertainment and health insurer Anthem.

The administration wants Congress to replace the existing patchwork of state laws with a national standard giving companies 30 days to notify consumers if their personal information has been compromised. — AP
