Originally published July 4 2012
Massive cyber bank raid steals 60 million euro from dozens of international financial institutions
by J. D. Heyes
(NaturalNews) It's bad enough the European governments are hemorrhaging money, now tens of millions of euros have been cyber-lifted from bank accounts by high-tech hackers operating a widening fraud ring.
A joint report by software security maker McAfee and Guardian Analytics said more than 60 firms have lost more than €60 million ($75.44 million) in what has been described as an "insider level of understanding."
"The fraudsters' objective in these attacks is to siphon large amounts from high balance accounts, hence the name chosen for this research - Operation High Roller," the report said. "If all of the attempted fraud campaigns were as successful as the Netherlands example we describe in this report, the total attempted fraud could be as high as 2bn euro (€1.6bn)."
The security firms said two popular automated malicious software programs have been modified to access servers in thousands of attempted thefts from both private individuals and commercial companies. The stolen loot was then sent to so-called "money mules" in amounts ranging from a few hundred euros to €100,000 at a time. Money mules, the report noted, are people who receive the stolen funds and launder them, knowingly or not.
Theft programs use automated transaction technology
The high-tech thieves used the Zeus and SpyEye crime tool kits to steal at least €60 million, the report said, though the actual amount could wind up being much more. The security firms noted that transactions totaling €1 billion have been attempted.
Experts say the criminals behind this heist have moved away from malware and into central servers, which has made their job much more efficient.
David Marcus, director of advanced research and threat intelligence for McAfee, said each server used handled an operation against a single financial institution or geographical region.
"If you go back a couple of years, most of the criminals' nastiness and heavy lifting happened on the end host," he said, according to eWeek.com. "What became really apparent here is this move to an automated transaction server methodology, and actually the vast percentage of the fraudulent logic to this server that is controlled by the fraudster, is making a difference. The amount of sophistication and how you can target specific individuals and specific financial institutions ... was astounding."
Included in the attacks are credit unions, large multinational banks and regional financial institutions, the report said. Victims were first discovered in Italy before being found in Germany and the Netherlands as well.
Digital tracks then led to South America, where the cyber-thieves targeted businesses with more than $500,000 in monetary assets, and to North America - Canada and the U.S. - where thieves targeted some 109 firms.
"What they have done differently from routine attacks is that they have gotten into the bank servers and constructed software that is automated," Sky News defense and security editor Sam Kiley said, adding that of the 60 servers identified in the attacks, many were in Russia. "It can get around some of the mechanisms that alert the banking system to abnormal activity.
"There are dozens of servers still grinding away at this fraud - in effect stealing ," Kiley said.
"We were able to identify the system - the communications between the infected hosts, the automated transaction servers and the command-and-controls servers," Marcus noted. "The ones in Europe left the attack data exposed ...but the ones in America were locked down."
Marcus did not want to praise the criminals too much.
"From the bank's perspective, I just logged in, provided my credentials and made a transfer - that doesn't look fraudulent," said Marcus, discussing how the fraudulent transactions are being made. "Without giving the bad guys too much credit, that's pretty clever."
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml