Dissecting Operation High Roller | Massive Cyber Attack in USA, Europe and Latin America Siphons $2.5 Billion From Banks

Dissecting Operation High Roller

How the high-tech mantra of “automation and innovation” helps a multi-tiered global fraud ring target high net worth businesses and individuals. Building on established Zeus and SpyEye tactics, this ring adds many breakthroughs: bypasses for physical multi-factor authentication, automated mule account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 ($130,000 USD). Where Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including the United States and Colombia.

Executive Summary

McAfee and Guardian Analytics have uncovered a highly sophisticated, global financial services fraud campaign that has reached the American banking system. As this research study goes to press, we are working actively with international law enforcement organizations to shut down these attacks.

Unlike standard SpyEye and Zeus attacks that typically feature live (manual) interventions, we have discovered at least a dozen groups now using server-side components and heavy automation. The fraudsters’ objective in these attacks is to siphon large amounts from high balance accounts, hence the name chosen for this research: Operation High Roller.

With no human participation required, each attack moves quickly and scales neatly. This operation combines an insider level of understanding of banking transaction systems with both custom and off the shelf malicious code and appears to be worthy of the term “organized crime.”

This study found 60 servers processing thousands of attempted thefts from high-value commercial accounts and some high net worth individuals. As the attack shifted emphasis from consumers to businesses, mule business accounts allowed attempted transfers averaging in the thousands of Euros, with some transfers as high as €100,000 (US$130,000). Three distinct attack strategies have emerged as the targets have expanded from the European Union, to Latin America, to the United States.

Debunking the popular wisdom that only big banks are affected, the research documents attacks at every class of financial institution: credit union, large global bank, and regional bank. So far, we estimate the criminals have attempted at least €60 million (US$78 million) in fraudulent transfers from accounts at 60 or more financial institutions (FIs). If all of the attempted fraud campaigns were as successful as the Netherlands example we describe in this report, the total attempted fraud could be as high as €2 billion.

Full report below...

www.4closureFraud.org

 

Wed, 06/27/2012 - 13:09 | 2565445 johnnyarrowmaker

So this is really what has been happening at RBS / Natwest / Ulster Bank - sounds like the poisoned transaction option was used, or is it still a 'glitch' perped by some poor Indian technician??

Wed, 06/27/2012 - 20:25 | 2566935 disabledvet

I don't recall any banks or insurance companies or auto companies claiming "hackers did it." Which only goes to show how they really didn't see it coming...AND STILL DON'T!

Wed, 06/27/2012 - 13:08 | 2565438 stant

and where is all this digital money going where it can be used? it ends up in computer ledger somewhere or otherwise is useless, or just gone

Wed, 06/27/2012 - 16:00 | 2566159 catacl1sm

It is transferred to mule accounts and then removed as cash within hours. If you read the report, you'd know that.

Wed, 06/27/2012 - 13:06 | 2565434 tinsmith

Any connection between this and the 'software' problems at RBS? Enquiring minds.......

Wed, 06/27/2012 - 13:04 | 2565426 Patriot Eke

Obama has authorized cyber attacks on our enemies.  Who's surprised by a counter attack?

Wed, 06/27/2012 - 20:34 | 2566958 disabledvet

exactly. the most interesting aspect of the Egyptian thing however is that you can turn the internet off...which came as a shock to most of the media which uses the dot.com space for...ahem..."special projects." i'm surprised we haven't had a wave of University bankruptcies actually given all the "high end plagiarism" going on. And of course "who cares about the Professor when you have a sophisticated media and a 14 year old you can label a genius" and billions to be made. We really are total neophytes in dealing with the Digital Domain. Cloud computing is for real...these financial institutions and governments around the world will spend hundreds of billions to protect their Data...ironically from the same people who are stealing the most namely...the Americans! "The gift that keeps giving" as they say...MOVE ALONG!

Wed, 06/27/2012 - 13:33 | 2565550 ThisIsBob

Surprised it took so long. Plus I doubt that banks are not the only places they can get into, although I must say, it's a real nice place to start.

Wed, 06/27/2012 - 12:53 | 2565392 Stoploss

This means a bank holiday is coming.

They are going to blame it on hackers.

I want to be holding foldable frn's right now.

Wed, 06/27/2012 - 13:13 | 2565464 LynRobison

Having some foldable federal reserve notes down in the safe is not a bad idea, while they are still worth something that is. As soon as frns become worthless however, you'll just be holding paper. After that, 90% silver dimes, silver eagles, and krugerrands will preserve your wealth. Food and bullets and likeminded friends will preserve your life. 

Wed, 06/27/2012 - 12:52 | 2565389 Pchelar

An article I read about this indicated that the servers performing the attacks seemed to be mostly in Russia. This could be true or a false flag, either way, it would make sense that the end game here is to cripple the banking system. If an individual bank can't trust that transfers in and out of its accounts are legitimate and more importantly if the public (especially those with large sums of money in the banking system) can't trust that their funds are safe, the whole system comes to a screeching halt. Either the Russians have found a brilliant cyber-warfare tactic, or they are being made to be set up as the "bad guy".

Wed, 06/27/2012 - 17:38 | 2566535 lincolnsteffens

What the hell! We are trying to ruin the Iranian banking system. What goes around comes around.

Wed, 06/27/2012 - 14:22 | 2565761 Things that go bump

Peggy?

Wed, 06/27/2012 - 14:16 | 2565730 Ying-Yang

Russian Mafia or US Feds... is there any difference?

Wed, 06/27/2012 - 16:43 | 2566320 WTFx10

Maybe the Russians / Putin have finally had enough of the Rothschilds? They have been screwing Russia for years; can't beat them in war, beat them where they're most exposed?

Wed, 06/27/2012 - 14:40 | 2565853 Overfed

Same psychopathic personality types thrive in both.

Wed, 06/27/2012 - 14:19 | 2565740 NotApplicable

Other than the lowest echelons of authority, likely none at all.

Wed, 06/27/2012 - 12:51 | 2565382 world_debt_slave

it's all just digits, they can just type more into existence

Wed, 06/27/2012 - 12:44 | 2565364 printmoremoney

Artificial Intelligence comes alive. The machine will decide if you have credits, or not. Good luck in the real world trying to fight the Code. You can't unplug it. It is immortal. You are just visiting the Planet.

Wed, 06/27/2012 - 12:43 | 2565363 ZeroPoint

They are trying to soften up influential people to support internet clamp downs and internet ID.

Wed, 06/27/2012 - 13:19 | 2565488 Animal Cracker

While undermining the case for a cashless society?

Wed, 06/27/2012 - 14:18 | 2565736 NotApplicable

Of course! These are political operations, ya know.

The only goal is for you and him to fight. What better way than to arm you both?

Wed, 06/27/2012 - 14:16 | 2565731 ZeroPoint

The cashless society is a fantasy. Police, governments, and the British Monarchy are making too much money off the drug trade.

Drug profits require 3 things: Illegal status, anonymous transactions, and demand.

They have all 3 already. It will never change.

Wed, 06/27/2012 - 12:40 | 2565344 LowProfile

I spy with my little eye an agency whose three letter acronym starts with the letter after B...

Wed, 06/27/2012 - 14:26 | 2565776 A Lunatic

Exactly, and in other news, it has been discovered that our Drones can be hijacked by "terrorist entities" as well (wink wink). I wonder how long it will take to link it all to the "Homegrown" variety so they can go all in............

Wed, 06/27/2012 - 13:45 | 2565605 Sabibaby

hmmm.... The CIA would never do anything like that!

Wed, 06/27/2012 - 14:46 | 2565876 CPL

Not this time.

 

They are asking for a hand.

Wed, 06/27/2012 - 13:41 | 2565581 Abiotic Oil

Sounds like these guys watched "Office Space" too many times.

Wed, 06/27/2012 - 13:29 | 2565529 battle axe

It is the ECB, they really need the money....

Wed, 06/27/2012 - 12:56 | 2565403 Winston Churchill

So Langley has switched from drug dealing to bank fraud.

I suppose that's an improvement.

Wed, 06/27/2012 - 14:00 | 2565658 jekyll island

Sure is.  If the CIA gets really good at it, obummer can cut their budget and make it a win-win for the taxpayers.  Unless you have a high net worth. 

Wed, 06/27/2012 - 12:51 | 2565385 bookwurm

Coders In Action...

Wed, 06/27/2012 - 15:49 | 2566116 zorba THE GREEK

The money is being funneled into Obama's re-election fund.

Wed, 06/27/2012 - 14:46 | 2565877 fnordfnordfnord

..."Outsource IT to India they said..."

What? Did you think all the laid-off IT staff were going to go wait tables or something?

Wed, 06/27/2012 - 12:59 | 2565408 12ToothAssassin

Thieves stealing from thieves? Is there no honor among them? 

 

The enemy of my enemy is my friend?

Wed, 06/27/2012 - 13:16 | 2565466 LowProfile

Hmm...  This fellow makes a good point http://www.zerohedge.com/contributed/2012-06-27/dissecting-operation-hig...

Maybe that three letter acronym begins with the letter after J...

Either way, please hurry up.

Wed, 06/27/2012 - 13:46 | 2565607 Sabibaby

Are you saying CIA = KGB?

Wed, 06/27/2012 - 16:29 | 2566276 LowProfile

No, that someone pointed to the attacks coming from Russia, so perhaps it was KGB, not CIA.

Although a possible conspiracy of rouge elements within both..?  Great espionage movie material, but unlikely.

Now that I've thought about it, more likely it's Russian mafia (but I wouldn't be surprised if they collude with KGB from time to time).

Wed, 06/27/2012 - 18:43 | 2566701 New_Meat

YouDidn'tKeepALowEnoughProfile: poor bastard ;-)

"Although a possible conspiracy of rouge elements within both..?"

Your Freudian Slip exposes your insider knowledge!  Confess Immediately and your family will be "spared."  Rouge elements indeed!

But remember, KGB and the "so called Russian Mafia" are in a revolving door relationship among themselves.  It is almost incestuous, ...

- Ned

{and then there are the verte elements, that also conceal the internal "rouge" intent.}

Wed, 06/27/2012 - 13:34 | 2565553 Herd Redirection Committee

Now if there was just some way to blame this on 'Al Qaeda'...
