"The World's Most Sophisticated Cyber Attack" - How Hackers Infiltrated The Banks & Stole Millions
The NY Times reports that, since late 2013, an unknown group of hackers has stolen $300 million - possibly as much as triple that amount - from banks across the world, with the majority of the victims in Russia. The attacks continue, all using roughly the same modus operandi...
Hackers send email containing a malware program called Carbanak to hundreds of bank employees, hoping to infect a bank’s administrative computer.
Programs installed by the malware record keystrokes and take screen shots of the bank’s computers, so that hackers can learn bank procedures. They also enable hackers to control the banks’ computers remotely.
By mimicking the bank procedures they have learned, hackers direct the banks’ computers to steal money in a variety of ways:
Source: Kaspersky Lab
In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.
But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.
The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries.
In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.
...
Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that.
No bank has come forward acknowledging the theft...
The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.
The managing director of the Kaspersky North America office in Boston, Chris Doggett, argued that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.
...
Mr. Doggett likened most cyberthefts to “Bonnie and Clyde” operations, in which attackers break in, take whatever they can grab, and run. In this case, Mr. Doggett said, the heist was “much more ‘Ocean’s Eleven.’ ”
“We found that many banks only check the accounts every 10 hours or so,” Mr. Golovanov of Kaspersky Lab said. “So in the interim, you could change the numbers and transfer the money.”
* * *
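The gap described in the last quote (account checks only "every 10 hours or so") can be made concrete from the defender's side. The following is an added example, not code from the article or from Kaspersky Lab: it reconciles a stored balance against the posted ledger at a chosen interval and reports when the mismatch is first caught and how much has already left. The account figures, timestamps and function names are constructed for illustration.

```python
from bisect import bisect_right
from decimal import Decimal

HOUR = 3600

# Constructed sample data for one account (not from any real incident).
OPENING = Decimal("10000")
# Ledger: entries posted through the normal transfer path -> (time_s, signed amount).
LEDGER = [(1 * HOUR + 300, Decimal("-90000"))]
# Balance held in the account record over time -> (time_s, balance).
# The jump to 100000 at 01:00 has no ledger entry behind it: an out-of-band edit.
STORED = [(0, Decimal("10000")),
          (1 * HOUR, Decimal("100000")),
          (1 * HOUR + 300, Decimal("10000"))]

def stored_balance(ts):
    """Balance in the account record at time ts."""
    times = [t for t, _ in STORED]
    return STORED[bisect_right(times, ts) - 1][1]

def expected_balance(ts):
    """Opening balance plus every ledger entry posted at or before ts."""
    return OPENING + sum((amt for t, amt in LEDGER if t <= ts), Decimal("0"))

def naive_end_balance_check(ts):
    """Weak check (assumed for contrast): flags only if the balance differs
    from the opening figure. The edit-then-transfer sequence nets to zero."""
    return stored_balance(ts) != OPENING

def first_alert(interval_s, horizon_s=24 * HOUR):
    """Time of the first periodic ledger reconciliation that finds a mismatch."""
    for ts in range(interval_s, horizon_s + 1, interval_s):
        if stored_balance(ts) != expected_balance(ts):
            return ts
    return None

def exposure_before_alert(interval_s):
    """Value that left through the ledger before the first alert fired."""
    alert = first_alert(interval_s)
    return sum((-amt for t, amt in LEDGER
                if amt < 0 and (alert is None or t < alert)), Decimal("0"))

if __name__ == "__main__":
    for label, interval in (("10-hour check", 10 * HOUR), ("1-minute check", 60)):
        print(label, "alert at", first_alert(interval), "s,",
              "already transferred:", exposure_before_alert(interval))
    print("balance-only check at 10h flags anything:",
          naive_end_balance_check(10 * HOUR))
```

With the ten-hour interval the reconciliation still finds the discrepancy, but only after the transfer has cleared; at a one-minute interval the unexplained balance change is flagged before any money moves.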
https://www.youtube.com/watch?v=OOLlf2BoUDU
How do you think the ChiComs are paying for the massive expansion of their military?
(Which they will eventually use against us)
Our senior DBA just had a malware attack on Thursday.....think that's bad?
Only if you're the employee who watches lots of porn on the company system.
Sounds more like someone is either sending a message to the bankers, or they are testing their ability to infiltrate the banking system.
Either way, they would have done us a larger favor had they simply started wiping out debts instead and erasing any trace of them.
It's just the NSA filling some black budget holes! :)
"Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise"
https://firstlook.org/theintercept/2015/02/04/demonize-prosecute-hackers...
Bitcoin users not affected.
That's because the cyber group knows that bitcoin is going much lower, and its future is to be on par with the infinite number of other alt coins. That is the only way bitcoin can survive. It's the only way the masses will start using it. Why spend $234 USD for a bitcoin when you can buy litecoin for $1.80 USD, or any other alt coin for that matter. Wake the fuck up! Stop grasping at straws. Take your loss and move on.
lol bitcoin. How much has the value of bitcoin plummeted in the last year again?
If you think it's about the price you're not paying attention.
"Either way, they would have done us a larger favor" criminals rarely do anyone a favour.
"Since late 2013"
"with the majority of the victims in Russia"
If that's not NSA or CIA I'll eat my hat.
Just a passing thought, but I wouldn't discount Russia's new glasnost partner, those sneaky Chinese hordes.
(Or the Norks. Chuckle. Chuckle)
Someone, stop those thieves! (no, not the 'hackers' - the guys who counterfeited the 'money' the 'hackers' stole)
The State has more guns, and they are bigger.
Exactly. These hackers didn't do anything different from what central banks the world over do; they added a zero (or two) to someone's account balance then transferred money to themselves.
The victim account holder might have had $10,000 in their account - the hackers made it $100,000, then transferred $90,000 to themselves in the blink of an eye, account holder still has $10,000.
No different than Ben Bernanke or Janet Yellen hitting Ctrl+P on the FED keyboard and the Treasury giving banks all the "money" they want at 0.5% so they can lend it out to the sheeple at 4.5%-29%.
Who are the more malicious thieves here, hackers giving themselves some cash or the .gov and bank/corporate interests working together to rob the public treasury while making citizens debt slaves?
Which is all the more reason I am just going to assume that it was the Fed that perpetrated the hack themselves, probably through a proxy to enable it as a justification for an end to the "net-neutrality", or a lockdown kill switch for the whole of the internet.
I expect to see more of these so called "hacks".
Operation: chaos
well, one thing is for certain ... these are not small potatoes kind of things run from the garage
'no one may take advantage of his own turpitude' bank is fraud so...
Jon Corzine strikes again?
Only if they are segregated funds protected by law...
See, this is exactly the front end running that I've talked about with you people before that end runs encryption.
Like the simple commercial software available for parents to keep track of their kid's activities on line which will record every keystroke and screen of every site visited, it's simply downloaded onto the system in question and records the activity.
Later, the necessary information sought is retrieved and voila, y'all got entry into and command of said system
It end runs (both front and back) encryption. Just as my acquaintance, the retired crypto analyst at the Uknowhoagency agreed to when offered the paradigm.
So simple a caveman could do it
This is a no brainer.
If it in any way is connected to the ether-space, it is publicly available. EOC QED
PS Also tells you that we as individuals should always hand audit/balance our financial statements with any financial institution by hand. Just like in the old days. If ya' don't activity like this takes place, you never ever know it. That's your second best control over this kind of theft. The first and best is not to have anything on line .... but your bank is already on line, so no absolute control other than personal eyeball check and balance
"The first and best is not to have anything on line..."
Ayep.
say what you will sir, but this is going to require billions more dollars, and a good bit more legislation before it is never dealt with
Yep, another lettered Big Government agency will need to be created to handle this task. How about the Trade Reliance Intelligence Bureau and Execution or TRIBE for short?
I suggest the new government entity be called SHIT for "SHeeple IT"
Funny how ex-banker Knukles knows how it all works, encryption and all - but still can't wrap his liver-spotted skull around Bitcoin.
Aww shucks grandpa, you're sooo smart.
LOL.
The bankers paying themselves out and reporting it as a hack
The first step in robbing a bank is buying it.
Yep, and probably a tax write off too.
That will come later.. the old I've been robbed they got 5k, when in fact the robber took 250.00.
If you want to rob a bank, buy a gun.
If you want to rob the world, buy a bank.
Fortunately, government central banks can print more money to replace what was stolen. OTOH if a Bitcoin bank gets robbed, the depositors are SOL.
It's not FDIBitC insured? ;-)
The central bank does not replace stolen money. The banks simply rob the customers to get the stolen money back.
My guess is this money is quietly being funneled into BlackOps projects. For the children of course........
Don't worry. They just have to print to make up for the shortfall.
are you kidding?
$300 million is NOTHING to the Banksters.
neither is a "paltry" billion here or there.
Now compromised trust in the banking system DOES mean something to them.
And it might possibly explain why so many banksters heads have rolled of late.
They stole zeros and ones, not wealth. Any jack ass could just walk over to a terminal and replace the zeros and ones.
How does a hacker steal counterfeit money that has been quantitatively eased by the Federal Reserve under no asset backing? Buying MBS and bonds that hold future maturity to pay back a leveraged obligation. How does a hacker steal money created out of thin air?
Fuck you NSA, suck the smoke up your alert cybercrime ass. If you knew the people, the cable would have never hit the internet news. It would be Classified Intel. Fake stories to catch a phishing story. Stupid cunts trying to validate your budget.
Isn't your mission to predict a crime before it happens? Perhaps cutting your budget will make you more effective or defunct. Boo!
Note to self: Sign up for that advanced computer class tomorrow.
01001110 01010011 01000001 00100000 01000011 01100001 01100010 01101100 01100101 00101110 00100000 01010111 01100101 00100000 01101100 01100001 01110101 01101110 01100011 01101000 01100101 01100100 00100000 01100001 00100000 01101100 01100101 01100001 01101011 00100000 01110100 01101111 00100000 01101111 01100011 01100011 01110101 01110010 00100000 01101111 01101110 00100000 01010011 01110101 01101110 01100100 01100001 01111001 00101110 00100000 01010111 01100101 00100000 01100100 01101111 01101110 00100111 01110100 00100000 01110111 01100001 01101110 01110100 00100000 01100101 01100111 01100111 00100000 01101111 01101110 00100000 01100110 01100001 01100011 01100101 00101110 00100000 01001000 01100101 01101100 01110000 00100000 01110101 01110011 00100000 01101111 01110101 01110100 00101110 00100000
Can't agree with you: 110001100 110001100 110001100 110001100
110001100 110001100 110001100 110001100
See what I mean?
There are 10 kinds of people, those who understand binary and those who don't.
You Sir - are a geek
There's no place like 127.0.0.1
Those are strong cuss words. Tone it down for the children here.
01000001 01101100 01101100 00100000 01111001 01101111 01110101 01110010 00100000 01101101 01101111 01101110 01100101 01111001 00100000 01100001 01110010 01100101 00100000 01100010 01100101 01101100 01101111 01101110 01100111 00100000 01110100 01101111 00100000 01110101 01110011 00100001
This bank theft is just the one we are being told about. How many other instances of bank hacking are being concealed?
But don't worry, the info you have stored in the cloud is completely safe.
Where did Ebola go?
Ebola was used to distract the sheep until their short attention span moved to isis, Ukraine, and side boob nipple slips. Ebola is old news now.
Have yet to hear of a gold vault getting hacked. Oh yeh... thats real money.
Fuck You Bernanke ...you feckin' criminal.
They did hack the gold vault. They replaced real bars of Gold with Tungsten plated bars.
That's pretty good hacking if you ask me. Because by the time people realize the bars are full of Tungsten, the real Gold will be long gone.
Israel + US…indubitably…
I bet this is ultimately where they will lay blame for the coming collapse. Hackers stole trillions, economy in turmoil, need to shut down Internet so it doesn't happen again.
Oh, and it was Russian, Iranian, Syrian and North Korean hackers. And a few others that hoard gold, stockpile food and bottled water and use solar panels.
It's ok they just can print more money to replace the stolen money....
It's 1 billion not 300 million.
http://www.nytimes.com/aponline/2015/02/15/us/ap-us-bank-hack-report.htm...
Industrial Military Complex = Hackers using Hegelian dialectic to prompt us to give up more control.
Wait, someone remind me how much the banksters and the Fed steal from us every year, not to mention since the "financial crisis." The built-in inflationary theft alone must be in the Trillions. "We shafted some folks!"
a moment to remember Gibson's "Neuromancer", where he writes of, among many other things, taking first-world software out to hack third-world banks. true classic
If you want to stop them, just crush their $300MM purchasing power by inflating the money supply until the currency is worthless. That'll stop them.
How come none of these expensive firewall bullshit companies can keep out hackers ? One would think with ALL the $$ at risk that banks would be in the market for something that works.
But I guess if one is getting paid NOT to understand... then... well y'know...
The Pentagon, all by itself, "lost" nearly 2.5 trillion...$300 million is not even worth bending over to pick it up....
Just prepping the sheople for the 'great siphoning of their bank accounts'.
And the shut down, command, taxation, and total control of the internet.
BREAKING NEWS! FCC Says Obama Taking Over The Internet On February 26th:
https://www.youtube.com/watch?v=RcQK1DeQCKw
I have had 3 credit cards and 1 debit card hacked in the last couple of years, which means all of them. Subsequently I have cancelled all credit cards, debit cards, anything that doesn't have to have a PIN or a login. I'm only using atm, paypal and amazon credit. Any more hacks and it's "close bank accounts, close paypal, close amazon and buy gold and silver and get ripped off at local box stores paying cash only"
I've had it with these bean counter fucks that write this theft off while we have to fill out the affidavits.
Long time reader - first time poster.
There seems to be a general push to monitor and regulate the internet, an inch at a time, until eventually they've taken complete control. They highlight the hacking of firms and paint a picture of nasty Russians breaking through the door, to drum up discourse in the status quo of things. When in reality close to 85% of the time someone gave them the keys to the castle through a malevolent or gullible employee. You can't legislate away the humans yet.
Then there is the looming executive order giving the FCC increased power in regulating the internet, and hope to gain support for the measure by increasing the definition of broadband speed. Which sounds nice, unfortunately it's most likely a small carrot in a stew of poo. In his speech the President mentioned twitter as a tool to do harm.
Unfortunately one government's idea of a hateful ideology can switch from day to day, and it's not too hard to imagine where we end up someday. I mean it's not like they would go about planting backdoors into encryption protocols or network hardware.
FCC is trying and succeeding at back dooring these regulations.
The message we have been trying to pass on has had a difficult time cutting through the pea soup fog of all the other crap out there.
Much like the ACA, the cry will be after the fact and when it comes out of 'nowhere' and hits the crowd in the pocket book.
http://therightscoop.com/mark-levin-interviews-the-fcc-commissioner-on-m...
Another good reason not to use banks.
That's bollocks! I've been working with accounting and then later on as a DBA in a bank. You can't just simply send money without notice. There's automated scripts and triggers, that would check balance and movement. Even if you could alter DB and transfer funds, by the end of the month you would still fail under accounting check and that's game over. No one in their right mind would believe this story-fairy tale
I do not believe this story. I'm calling BS. I know InfoSec, this is not plausible.
Another armchair infosec expert.
My life's work (>20 years) is InfoSec as a software developer. I've written large amounts of code in three of the largest security systems. My expertise is operating systems / kernal level security.
>20 years means knowing fuck all the difference between "kernel" and "kernal"...
You have no idea but this isn't the place. Anyways, I stand by my view that this story is exaggerated bullshit. The kinda thing that sales people and the uneducated spread. Competent professionals prevail in spite of the satire and sarcasm that we all, including myself, banter and relish these days. You can't just activate workstation cameras to "learn bank protocols" and thus steal millions. It's a tall tale.
1. Kaspersky paid to ZH a covert advertising money.
2. Tyler published this IT/business process/ nonsense to deliver the PR, as agreed and paid.
I worked around a big bank wire transfer room bunga bunga years ago, and it was a common occurrence for the minimum wage key entry folks to wire themselves a big chunk of money now and then, just for fun. Usually it was quickly caught, but there was virtually no technical factor to prevent it. Sounds like not much has changed.
This was just before some computer consultant *did* wire himself $12,000,000 (a lot of money back then, more like $100m today) to a Swiss account, flew out to grab the cash, used it to buy a big bag of Russian diamonds (that were probably worth about a third of what he paid), then idiot that he was, flew back to the US to show a girl he liked but wasn't even his girlfriend, what he'd done, so they arrested him.
The amazing thing in this new story is that the banks admitted it. The even more amazing thing is that they EVEN NOTICED. Why should they, if they want more money, they just have it helicoptered in the next morning.
They could have avoided this by using a decentralized system based on a public ledger, cryptographic proof and n of m multisig.
After it is seasonally adjusted in March, it will turn out to be 1.2 trillion.
ehm.. I'd say that's pretty simple stuff. I remember me and my friends doing this on the school computers when we were like 12-13 years old, that would be almost 20 years ago.
Of course we didn't make the software ourselves, one of my friends had it downloaded.
Pretty sure it won't be much harder today, just surprised how stupid and unprotected the banks are.
money in a bank is a targetable asset
Islamic State hackers stealing funds to operate their armed group...
Damn Kiev Nazis STEALING AGAIN! Just like the US Boomers and the banks. Kiev Nazis stole Russia's gas, stiffed China on their grains, Boomers robbed people in need of shelter and stiffed us on an economy with their delegates and lobbyists, politicians stealing from us to bail out the banks---there seems to be a theme here.
Now if banks would actually PROTECT their clients' money with the same vigor that a rabid racist tweaker would protect her cleaning supplies with- oh wait, she failed.
Dear World, if you haven't noticed our garbage boomer elected politicians rob us for the banks- don't look to the U.S. for protection. The U.S. is worthless.