Bankers’ money is stolen and ATMs rigged to give currency notes, says a report by internet security firm
GN Bureau | February 16, 2015
Internet security firm Kaspersky Lab has revealed that hackers have stolen approximately $1 billion from over 100 banks in 25 countries and termed it as one of the largest bank heists. It also said the "attacks remain active," and provided tips for bank officials to determine if their computers are vulnerable.
Most of the targets have been in Russia, the US, Germany, China and Ukraine, although the attackers may be expanding throughout Asia, the Middle East, Africa and Europe, Kaspersky says. In one case, a bank lost $7.3 million through ATM fraud.
The hackers surreptitiously install spying software on bank computers and learn how to mimic bank workflow. Kaspersky called the malware "Carbanak" and said it provided the hackers the ability to watch bank employees.
After penetrating a bank's computer systems, the hackers lurked for "two to four months" before striking. Generally, they indulged in changing an account balance, then transferring the excess funds into their own accounts. They also spewed cash out of ATMs with one of the gang member waiting near the machine to collect the booty.
Strangely, the attackers targeted the banks and not their customers or their account information. The hackers seem to limit their theft to about $10 million before moving on to another bank.
The Kaspersky report was presented on Monday at a security conference in Cancun, Mexico.
Last year, 16 financial institutions in the US were asked by the legislators to admit that they have been hacked, explain how it happened and be transparent about what they had lost.
The Obama administration has sought a national law to replace existing state laws and making financial institutions to notify consumers in case their personal information has been compromised.
Should public sector banks be privatised?