Hackers Successfully Breached More Than 100 Banks/Institutions In 30 Countries — Could Be One Of The Largest Banks Thefts On Record; ‘Maybe The Most Sophisticated Cyber Attack To Date, In Terms Of Tactics, Methods That Cyber Criminals Use To Remain Covert

http://www.fortunascorner.wordpress.com

David Sanger and Nicole Perlroth, writing in The New York Times on February 14, 2015, describe the anatomy of a complex and far-reaching cyber bank heist that is breathtaking in scope and netted the thieves an estimated hundreds of millions of dollars. “It was late 2013,” they begin, when “an ATM machine in Kiev began dispensing cash at seemingly random times of the day. No one had put in a card, or touched a button. Cameras showed that the piles of money had been swept up by customers, who appeared to be there at the right moment.”

“But, when a cyber security firm, Kaspersky Lab, [which, by the way, was the first cyber firm to discover and analyze the Stuxnet cyber virus], was called in to investigate” this incident, “it discovered the errant machine was the least of the bank’s problems,” the New York Times reports. “The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed the cyber criminals to record their every move. The malicious software lurked [inside the bank’s IT ecosystem] for months,” Mr. Sanger and Ms. Perlroth wrote, “sending back video feeds and images that told the group — including Russians, Chinese, and Europeans — how the bank conducted its daily routines,” according to the investigators. “Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands, into dummy accounts [already] set up in other countries.” “This is likely the most sophisticated [cyber] attack the world has seen to date, in terms of the tactics and methods that cyber criminals have used to remain covert,” said Chris Doggett, who is Kaspersky Lab’s North American Representative in Boston, Massachusetts. The evidence, according to Kaspersky Lab, suggests that this attack was not a nation-state sponsored operation, but is more likely the work of a sophisticated cyber criminal entity.

The report the New York Times is referring to, which was provided in advance to the paper and is to be published tomorrow (Monday), concludes that this might be “one of the largest bank heists ever — and, one conducted without any signs of robbery.” The Moscow-based Kaspersky Lab said “that because of non-disclosure agreements with the banks that were breached — it cannot [publicly] name them.” The New York Times adds that “the White House and the FBI have been briefed on Kaspersky’s findings,” but said it would “take time to verify/confirm the losses.” Kaspersky Lab says it “has seen evidence of $300M in theft through clients; and, believes the total could be triple that amount.” But, the New York Times notes, “that projection is impossible to verify, because the thefts were limited to $10M a transaction, though some banks were hit several times. In many cases, the hauls were modest, presumably to avoid setting off alarms,” or arousing undue suspicion in the early stages of the heist.

“The majority of the targets were in Russia; but, many were in Japan, the United States, and Europe,” the Times noted.

The New York Times raises the issue of “how a fraud of this scale/magnitude…could have proceeded for two years, without banks, regulators, or law enforcement officials catching on. Investigators say the answers may lie in the hackers’ techniques. In many ways, the operation appeared to begin like many other ‘routine’ cyber breaches. The cyber criminals sent their victims infected emails — a news clip or message that appeared from a colleague — as bait. When the bank employees clicked on the email, they inadvertently downloaded malicious code that allowed the hackers to crawl across the bank’s network — until they found employees who administered the cash transfer systems, or remotely connected to ATMs. Then,” Kaspersky Lab notes, the [cyber] thieves installed a “RAT” – remote access tool — “that could capture video and screenshots of employees’ computers.”

“The goal was to mimic their activities,” said Sergey Golovanov, who conducted the inquiry for Kaspersky Lab. “That way, everything would look like a normal, everyday transaction,” he said in a telephone interview from Russia with The New York Times. “The attackers took great pains to [learn] each bank’s particular system, while they set up fake accounts at banks in the United States and China that could serve as destinations for the cash transfers. Two people who were briefed on the investigation said the accounts were set up at JP Morgan Chase and the Agricultural Bank of China. Neither bank returned requests for comment,” according to The New York Times.

“When the time came to cash in on their activities — a period investigators said ranged from two to four months — the [cyber] criminals pursued multiple routes. In some cases, they used online banking systems to transfer money to their accounts; while in others, they ordered the banks’ ATM systems to dispense cash to terminals where one of their associates [accomplices] would be waiting.” “But, the largest sums,” the New York Times notes, “were stolen by hacking into a bank’s accounting system and briefly manipulating account balances. Using the access gained by impersonating the banking officers, the criminals would first inflate an account balance — for example, an account balance of $1,000 would be altered to show a balance of $10,000. Then the $9,000 would be transferred outside the bank,” and the account would once again read $1,000, which would not raise any suspicion by the account holder.

“We found that many banks only check their accounts every 10 hours or so,” Mr. Golovanov of Kaspersky Lab said. “So in the interim, you could change the numbers and transfer the money.”
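The detection gap Mr. Golovanov describes is the reconciliation interval: if a balance is edited directly and the surplus is transferred out, the displayed balance looks normal again before anyone checks. The following is an added example (not code from the article, Kaspersky Lab, or any bank) showing the control that closes that gap: recomputing every account balance from the trusted opening balance plus the posted journal, rather than trusting the stored figure. The `Account`, `reconcile` and `build_sample_ledger` names and all account data are constructed for illustration.

```python
"""Continuous ledger reconciliation check (added example, not from the NYT
report or Kaspersky's analysis). It models the balance-inflation pattern the
article describes and shows why recomputing each balance from the posted
journal catches it even when the final stored balance looks normal.

All names, accounts and transactions below are constructed sample data."""

from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict, List


@dataclass
class Account:
    account_id: str
    opening_balance: Decimal   # balance at the last trusted reconciliation
    stored_balance: Decimal    # what the core system currently displays
    # posted debits (negative) and credits (positive) since the opening balance
    journal: List[Decimal] = field(default_factory=list)

    def expected_balance(self) -> Decimal:
        """Balance implied by the trusted opening balance plus every posted entry."""
        return self.opening_balance + sum(self.journal, Decimal("0"))


def reconcile(accounts: Dict[str, Account]) -> Dict[str, Decimal]:
    """Return {account_id: discrepancy} for every account whose stored balance
    cannot be explained by its journal. Accounts with zero discrepancy are
    clean and are omitted from the result."""
    findings: Dict[str, Decimal] = {}
    for acct in accounts.values():
        diff = acct.stored_balance - acct.expected_balance()
        if diff != 0:
            findings[acct.account_id] = diff
    return findings


def build_sample_ledger() -> Dict[str, Account]:
    """Constructed data: one clean account and one tampered with using the
    pattern from the article (inflate, transfer the surplus out, restore)."""
    # Clean account: opening 2,500, one posted debit of 200, stored 2,300.
    clean = Account("ACC-CLEAN", Decimal("2500"), Decimal("2300"), [Decimal("-200")])

    # Tampered account: balance edited directly from 1,000 to 10,000 (no journal
    # entry exists for that edit), 9,000 transferred out (this transfer IS
    # posted), and the stored balance once again reads 1,000.
    tampered = Account("ACC-TAMPERED", Decimal("1000"), Decimal("1000"), [Decimal("-9000")])
    return {a.account_id: a for a in (clean, tampered)}


if __name__ == "__main__":
    for acct_id, gap in reconcile(build_sample_ledger()).items():
        print(f"{acct_id}: stored balance is {gap:+} versus journal; investigate")
```

The tampered account is flagged with a 9,000 discrepancy even though its displayed balance is the same 1,000 the holder expects, because the journal only explains a 9,000 outflow, not the inflow that preceded it. The check itself is cheap; what matters is running it far more often than the “every 10 hours or so” cited above, so the window between the edit and the transfer is smaller than the window before the next reconciliation.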

“The hackers’ success rate was impressive. One Kaspersky client lost $7.3M through ATM withdrawals alone,” the firm said in the report to be released tomorrow. “Another lost $10M from the exploitation of its accounting system. In some cases, the transfers were run through the system operated by The Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and, long been monitored by intelligence agencies.”

‘FIN4’ Hackers Are Gaming Stock Markets By Stealing Insider Information

I don’t think anyone should really be surprised by any of the above. Right now, banks, financial institutions, and others are playing whack-a-mole against these cyber thieves, and leave a lot to be desired in the way of coordination and sharing of cyber threat information, as well as best cyber hygiene practices. Having said that, another area ripe for this kind of theft is in the big Wall Street firms’ mergers and acquisitions — privileged and confidential information — that would provide an investor or trader with a huge advantage on the street in the buying and selling of stock, based on this privileged information. Late last year, The Washington Post reported that a cyber theft group dubbed “FIN4” had been discovered hacking into more than 100 companies to access insider information about mergers and acquisitions, and other deals that could positively or negatively impact the companies’ stock prices — thus providing the hackers with a trading advantage on Wall Street and other financial trading hubs. The cyber security firm FireEye discovered the group while investigating security breaches in its corporate clients’ networks. FIN4 has been active since at least mid-2013, according to FireEye’s report, “Hacking The Street? FIN4, Likely Playing The Market.”

And, I suspect a lot more unsavory activity in the cyber world is ongoing in the very lucrative mergers and acquisitions world, where a trading advantage can net an enormous amount of profit/money. Sure, the Securities and Exchange System and the major trading entities like the DOW, S and P, NASDAQ, Russell 2000, etc., have software and mechanisms in place to ferret out and detect these kinds of techniques/tactics, but one has to believe that — just like cyber theft in other domains — there are those cyber thieves who are profiting very handsomely. V/R, RCP

