Carbanak Cybergang Stole Up to $1 Billion in Worldwide Online Bank Heist
A sophisticated malware attack on multiple banks in 30 countries has allegedly netted a cybergang up to $1 billion over the last two years, reports cyber security firm Kaspersky Lab.
"This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert," said Chris Doggett, managing director of Kaspersky Lab North America, according to The New York Times.
While the majority of financial organizations attacked were in Russia, some banks in Japan, the United States and Europe were also targeted.
Kaspersky estimated the stolen amount at between $300 million and $1 billion.
According to the cyber security company, the cyberattack on financial organizations started in late 2013 when hackers sent emails to hundreds of bank workers tricking them into downloading the malware. Once the malware was downloaded, it opened the access for hackers into the bank's computer network to search for employees operating the money transfer systems and ATMs. Next, the criminals installed tools that captured screenshots and video of employee workstations to learn how they worked.
A backdoor was installed onto the victim's PC based on the Carberp malicious code, which Kaspersky used to name the campaign "Carbanak."
"The goal was to mimic their activities," malware expert Sergey Golovanov of Kaspersky said. "That way, everything would look like a normal, everyday transaction."
The cybercriminals gathered the necessary information, set up fake accounts in different countries and transferred the money into those accounts. ATMs were given a malware infection to dispense cash to accomplices.
The hackers would inflate an account's balance, immediately withdraw the inflated amount and then return the account to its original balance. The method made it difficult for the account holder and bank to spot the theft.
Kaspersky said law enforcement agencies in the affected countries, including the FBI, have already been given a report that lists which banks were targeted.
No U.S. bank has acknowledged the theft, a problem President Obama mentioned on Friday during the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He stressed the importance of passing a law that would require public disclosure of any data breach that jeopardizes personal or financial information.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!