With ATM machines charging us $3 to take money out of our own bank accounts, it may seem like the machines are stealing from us. Easy and omnipresent access to the cash machines warrants these "convenience charges." Now, an elite group of hackers from across the globe have convinced ATM machines that it was time to give back, to the tune of $1 billion.
A group of international cyber criminals have spent nearly a year planning this massive bank theft. Kaspersky Lab, a Russian security firm, has recently released a report detailing the hacker scheme that resulted in the theft of as much as $1 billion from 100 banks in 30 countries. This worldwide heist may signal the coming of a new wave of hyper advanced cyber crime. Gone may be the days of individual identity theft to profit crooks a few hundred dollars. Next up may be the theft from banks themselves, who have much deeper pockets.
The criminal group appears to have installed malware inside the bank's software to pull off their attack. This recent announcement has security experts cautious about what the sophisticated attack may portend for the future. Eric Chiu, president of HyTrust, a cloud-based services company, said, "the recent news of bank thefts around the world is an example of the new normal in terms of cyber attacks leveraging insider threats."
The con artists played the long game, waiting and watching for months before making their move. After careful observation, the banks were bilked of millions through a variety of clever schemes. The crooks could remotely watch how employees inside the banks worked, to plan how best to mimic legitimate banking transactions, which took amounts under $10 million to their own outside bank accounts. In other instances, they could trick the computer systems todispense cash from ATMs to their waiting bag men. According to the report, one bank was milked of $7 million through ATM machines.
In another move, accounts would be bulked up with extra cash, which was then withdrawn, leaving the original amounts still there so that account holders would never know of the transactions. Kaspersky Lab has called the theft, "the most successful criminal cyber campaignwe have ever seen." So far, it appears no U.S. banks were involved in the cyber heist. The victims appear to be mostly Russian banks. But U.S. and other international banking systems may be targeted in the future. Kaspersky is working with Interpol, Europol and other national authorities to get more information on the attack and the perpetrators.
So far, little is known about the group, which has been dubbed "Carbanak," by the report. It appears to involve hackers from around the world, including people from Europe, Russia, Ukraine, and China. The group would send targeted emails to specific bank employees to open the malware. Once inside, the gang could see every move bank officials made to move money. This theft highlights the vulnerabilities of not only banking systems, but now should be a signal to other financial sectors that no business is immune to sophisticated security hacks.