BY: ZOE MELNYK
Hundreds of millions of dollars were recently stolen from banks across the world by criminals without the use of traditional guns and ski masks. In fact, they have never even set foot in the banks they’re stealing from.
According to a New York Times article, banks from across the world have been unknowingly losing at least $300 million to cyber-criminals since 2013.
The cyber-criminals, known as the Carbanak cyber gang, operate by sending e-mails to the banks’ employees that appear to come from co-workers. Once opened, Carbanak malware is installed throughout the computer allowing the cyber-criminals to see the banks operations and mimic the employees’ behavior.
The first sign of robbery was reported from an A.T.M. machine in Kiev, Ukraine, in late 2013. Russian cyber-security firm, Kaspersky Lab, was called to inspect the alleged thieveries.
This is how they do it:
Investigators came to the conclusion that the cyber-thieves installed a RAT, a remote access tool that allowed the hackers to view video and screenshots from the employees’ computers.
Once the cyber-criminals gained access to the banks’ systems, they were able to manipulate accounts and withdraw up to $10 million at once via A.T.M. machine or account transfers.
The New York Times article included that the investigation from the Kaspersky Lab has shown at least $300 million stolen, possibly up to $1 billion.
There has been no report released on the specific names of the banks affected from the robberies. Also, no bank has offered any comments, possibly in order to avoid public scrutiny about not detecting the hacking earlier.
Banks could also be hesitant to disclose any information since the cyber-criminals have not been found. The robberies could still be continuing, but as seen in the Times article, the Financial Services Information Sharing and Analysis Center released a statement claiming, “our members are aware of this activity. We have disseminated intelligence on this attack to the members.”
Kaspersky Lab released a full report titled The Great Bank Robbery: Carbanak APT disclosing information about how the Carbanak cyber-gang was able to infiltrate the banking system, and what this could mean for the future of bank robberies.
“We believe that the Carbanak campaign is a clear indicator of a new era in cybercrime in which criminals use APT (Advanced Persistent Threat) techniques directly against the financial industry instead of through its customers,” as seen in the Kaspersky Lab report.
New protocol and protective software are being created to prevent future cyber attacks from the Carbanak cyber-gang; however, this will probably not be the last of the cyber-criminal era.