Kaspersky Labs have this week gone public with news of the world’s largest cyber bank heist. They estimate the heist netted somewhere between 300 million and 900 million USD from over 100 banks around the world.
As with all great heists, this one started simply enough, with the collection of information: surveillance. In early 2013 bank employees around the world began receiving innocent-looking emails that happened to be loaded with malware, a targeted attack known as spear phishing.
With a single click the malware was loose on the bank's computer systems. It exploited software that had not had the latest security patches applied, Microsoft Office being a common candidate (always do your updates, people). Using these vulnerabilities the attackers were able to install a RAT (Remote Access Tool, also called a Remote Access Trojan), which gave them the ability to silently observe and collect information from inside the bank.
Once their software was entrenched in the banks' systems the hackers waited and watched, learning the weaknesses and even watching video feeds of employees inside secure areas. For months they studied their targets. This was the long-play part of the plan and a clear indicator that this was no smash-and-grab hack; it was a professionally executed cyber robbery carried out by people who understood their targets very well.
Once the hackers were satisfied that they understood the systems and processes, they began to execute their plan: shuffling money between accounts, setting up their own accounts and even creating their own debit cards. JP Morgan Chase and the Agricultural Bank of China seemed to be the banks of choice for establishing these fake destination accounts.
Incredibly, the hackers had studied each bank's processes so intensely that they were able to follow the bank's own procedures for each of these tasks, making the activity very difficult to distinguish from legitimate work.
Once collected, the money was shifted out of the banking system through online payment institutions and ATMs around the world. The hackers could even empty an ATM at the press of a button. They also used existing customer accounts to transfer money out, first inflating an account balance from, say, $1,000 to $10,000 and then shifting the inflated amount ($9,000) to a destination account, leaving the customer's original $1,000 in place so the account holder had nothing to notice.
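The balance-inflation trick above is the kind of fraud a ledger reconciliation check can surface: the account's balance moves by more than its posted transactions explain, and the outgoing transfer equals exactly that unexplained gain. The following is an added example, not code from the original post or from Kaspersky's report. The account snapshots, transaction records and field layout are constructed for illustration, and the severity labels are assumptions; a real core-banking system will look different, but the arithmetic is the same.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed sample data (not real bank records). Balances are snapshots of
# each account taken before and after a posting window, e.g. start and end
# of day; transactions are what the core ledger posted during that window.
SNAPSHOTS = {
    # account: (balance_before, balance_after)
    "ACC-1001": (Decimal("1000.00"), Decimal("1000.00")),   # ordinary activity
    "ACC-1002": (Decimal("1000.00"), Decimal("1000.00")),   # inflated, then drained
    "ACC-1003": (Decimal("500.00"), Decimal("2500.00")),    # genuine deposit
    "ACC-1004": (Decimal("1000.00"), Decimal("10000.00")),  # inflated, not yet drained
}

TRANSACTIONS = [
    # (account, kind, amount, counterparty)
    ("ACC-1001", "credit", Decimal("200.00"), "PAYROLL"),
    ("ACC-1001", "debit", Decimal("200.00"), "RENT"),
    # The $9,000 that left ACC-1002 has no posted credit behind it: the
    # balance was altered directly, as in the post's $1,000 -> $10,000 story.
    ("ACC-1002", "debit", Decimal("9000.00"), "EXT-7788"),
    ("ACC-1003", "credit", Decimal("2000.00"), "SALARY"),
]


@dataclass
class Alert:
    account: str
    unexplained: Decimal  # balance change that no posting accounts for
    matched_debits: list = field(default_factory=list)  # outflows equal to it
    severity: str = "medium"  # assumed labels: "high" when an outflow matches


def reconcile(snapshots, transactions):
    """Flag accounts whose balance moved by more than their postings explain.

    expected_after = before + sum(credits) - sum(debits)
    unexplained    = actual_after - expected_after

    A non-zero unexplained value means the balance was changed outside the
    ledger. If a single debit in the window equals that value, the pattern is
    the inflate-then-transfer one from the post and is rated high.
    """
    net = defaultdict(Decimal)     # net posted movement per account
    debits = defaultdict(list)     # outflows per account, for matching
    for account, kind, amount, counterparty in transactions:
        if kind == "credit":
            net[account] += amount
        elif kind == "debit":
            net[account] -= amount
            debits[account].append((amount, counterparty))
        else:
            raise ValueError(f"unknown transaction kind {kind!r}")

    alerts = []
    for account, (before, after) in snapshots.items():
        unexplained = after - (before + net[account])
        if unexplained == 0:
            continue  # every cent is accounted for by postings
        matched = [d for d in debits[account] if d[0] == unexplained]
        severity = "high" if matched else "medium"
        alerts.append(Alert(account, unexplained, matched, severity))
    return alerts


if __name__ == "__main__":
    for a in reconcile(SNAPSHOTS, TRANSACTIONS):
        print(f"{a.severity:6} {a.account} unexplained={a.unexplained} "
              f"matched_debits={a.matched_debits}")
```

Run against the sample data this reports ACC-1002 as high (a $9,000 gain nobody posted, followed by a $9,000 transfer to EXT-7788) and ACC-1004 as medium (the inflation has happened but the money has not left yet). One caveat a practitioner should keep in mind: the post says the attackers followed the banks' own procedures, and if the inflating credit was posted through those procedures rather than written straight into the balance, the postings will explain the balance and this check stays quiet. That case needs a source-of-funds check on the credit itself, not a balance reconciliation.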
Cash was also extracted from ATMs by cash mules, who would casually walk up to ATMs around the world and, without even touching the machine, have it empty its cash drawer for them. This trick suggests the RAT software had spread through the banks' networks so thoroughly that it reached the ATMs themselves.
As with many great tales of the big score, the plan was uncovered almost by accident when a bank in Ukraine noticed an ATM randomly spitting out money. The bank contacted Kaspersky to investigate, and Kaspersky quickly realized this single ATM was just the tip of the iceberg.
Was the mule absent, or had the ATM gone rogue? It is also very possible that if Kaspersky hadn't detected the hack at this point it would still be going on under the noses of the banks.
Kaspersky Labs have traced the heist to hackers operating out of Russia, China and Europe, but it is going to be a very lengthy process to track down the masterminds behind this record-breaking heist. If they were as thorough at covering their tracks as they were at setting up the heist, we may never know the names behind the largest bank heist in history.
Reference: New York Times