Subscribe

Hackers stole $1 billion in high-tech bank heists, researchers say

Over nearly two years, the so-called Carbanak hacking group attacked nearly one hundred banks, e-payment systems and other financial institutions. The hackers used phishing attacks to lure users of the banks’ computer networks into installing malware into those systems.

  • close
    A person inserts a debit card into an ATM in Pittsburgh. Over a two-year span, a group of hackers attacked banks, e-payment systems and other financial institutions, according to Kaspersky Labs, which has been working with law-enforcement agencies including Interpol.
    Gene J. Puskar/AP/File
    View Caption
  • About video ads
    View Caption
of

An advanced hacking campaign against dozens of large banking institutions has hauled in as much as $1 billion, security researchers say.

Over nearly two years, the so-called Carbanak hacking group — named for the malware they use — attacked banks, e-payment systems and other financial institutions, according to Kaspersky Labs, which has been working with law-enforcement agencies including Interpol.

No individual users were targeted, according to the security firm, only the financial institutions themselves.

“One way or another, the criminals stripped each victim bank of $2.5 million to $10 million – the amount looks striking even when assessed individually,” Kaspersky’s Alex Drozhzhin wrote in a blog post Monday. “Considering that dozens – up to one hundred – of organizations lost their funds due to the APT (advanced persistent threat) attack, the cumulative loss might well total to a stunning $1 billion.”

Kaspersky says it was hired by one of the institutions, a Russian bank, after it had noticed the attack.

According to Drozhzhin, hackers used phishing attacks to lure users of the banks’ computer networks into installing malware into those systems. They took control over the compromised machines, then used them to infect other machines in the networks, seeking out computers that could be used to access critical information and  make financial transactions, according to the post.

They withdrew funds using methods that included withdrawing money into fake bank accounts and even sending remote messages to ATMs, making them start spewing out money.

“On average, it took from two to four months to drain each victim bank, starting from the Day 1 of infection to cash withdrawal,” Drozhzhin wrote.

Kaspersky did not identify the institutions that were attacked, but said “severe losses” have been sustained in countries including the United States, Russia, Germany, China and Ukraine, with newer operations sprouting up in Malaysia, Nepal, Kuwait and several African countries.

To avoid phishing attacks like the one used by Carbanak, Kaspersky and other security experts advise Web users to never open suspicious emails, especially those that contain attachments, and to regularly update the software they use. The Carbanak attack exploited bugs that had been fixed in the most up-to-date versions of the software that was attacked.

The Christian Science Monitor has assembled a diverse group of the best personal finance bloggers out there. Our guest bloggers are not employed or directed by the Monitor and the views expressed are the bloggers' own, as is responsibility for the content of their blogs. To contact us about a blogger, click here. To add or view a comment on a guest blog, please go to the blogger's own site by clicking on the link in the blog description box above.

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK