Report: Using Malware, Hackers Steal Millions From Banks

Tuesday, February 17, 2015

Putting in place a sophisticated digital racket, hackers were able to steal millions of dollars from up to 100 banks in what the Russian cybersecurity company Kaspersky Lab is calling “the most successful criminal cyber campaign we have ever seen.”

Kaspersky, which helped uncover a piece of malicious software in the systems of bank computers, says the scheme worked like this: First the hackers were able to install malicious software on computers by phishing bank employees. That led to the infection of hundreds of machines.

The hackers kept watch until they found the computer of an administrator. That’s when they recorded the screen and keystrokes to learn the system. Eventually, they mimicked the staff and transferred large sums of money from banks in Russia, Switzerland, Japan, the United States and the Netherlands to dummy accounts in other countries.

In other cases, they simply instructed ATMs to dispense money at certain times, where a conspirator would collect it. Perhaps in a sign of the hackers’ sophistication, each bank robbery took two to four months from the infection of the computer to cashing the money out.

Kaspersky was first alerted to the scheme by a piece of code hiding in an infected ATM. The company investigated for months and eventually pieced together what was going on.

Kaspersky said it cooperated with police and learned that up to 100 institutions were targeted.

Source: NPR (link opens in a new window)