Cue up the Dr. Evil segment – a Russian hacking circle has stolen roughly $1 billion (yes, that’s $1 BILLION) from various banks around the globe in likely the most massive breach of the banking system in history, according to a report intended to be delivered by a cybersecurity firm Monday.
The massive hack has been ongoing since at least the close of 2013. Over 100 banks across 30 different countries around the world have been infiltrated, says Kaspersky Lab, a Russian security company.
Principal security researcher for Kaspersky Lab, Vincente Diaz, says the hacks are unusual because they go after the banks, themselves, rather than the banks’ clients. He also said it appears money is the driving factor, not information or espionage.
In this case they are not interested in information. They’re only interested in the money. They’re flexible and quite aggressive and use any tool they find useful for doing whatever they want to do.
From the sounds of it, however, the hackers use pretty much the same techniques on the banks as they do on individuals. They gain access by phishing and other such methods, then they loom in the virtual shadows, sometimes for months, in order to acquire the necessary knowledge they need for their capers – information related to the banks’ systems. It’s done through keylogging, screen shots, even going so far as capturing video of employees on their computers.
Once the necessary knowledge is obtained through the above and other such means, it’s used to swipe the cash without raising any red flags. Some of those methods include programming set times for money distribution via ATM machines or transferring money into fake accounts that have been set up.
The massive thefts have largely gone undetected until recently due to the hackers only stealing roughly $10 million a pop before finding another bank to leech from. Apparently, banks can lose $10 million and not notice so much.
A majority of the banks targeted have been in China, Germany, Ukraine, Russia, and the good old U.S. of A. There is some belief that the operation is beginning to slip into the Middle East, Europe, Asia, and Africa as well, though. Kaspersky Lab states $7.3 million was lost by one bank through ATM fraud, while another lost $10 million through an exploitation of online banking.
For the sake of everyone not losing their shit and freaking to the moon, Kaspersky is refraining from fingering the banks affected by the breaches, but the Lab is definitely still in the midst of working with authorities to investigate the hacks and hopefully catch those responsible. In the meantime, however, the hacks continue, and continue to expand around the globe.
The Financial Services Information Sharing and Analysis Center issued a statement that members of the nonprofit banking cyber-alarm came into possession of a briefing regarding the upcoming report last month.
The Center stated:
We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimize any effects on their customers. The report that Russian banks were the primary victims of these attacks may be a significant change in targeting strategy by Russian-speaking cybercriminals.
As a result of the massive, worldwide hacks that have been ongoing for more than a year now, and in the recent shadow of such major hacks here in the U.S. as the ones that have recently hit Target, Sony, Home Depot, and most recently, Anthem health insurance, the White House is working to strengthen its cybersecurity measures. The Obama administration is currently pressuring Congress to do away with the tedious rusty chain of state laws regarding cybersecurity and replacing it with standardized federal legislation. The federal law would seek to push companies to notify clients within 30 days of breaches involving confiscation of personal information.
The Kaspersky report is scheduled to be presented at a security conference, Monday, in Cancun, Mexico.