Sophisticated "Ocean's 11" style heist is one of the largest in history
- Hackers remotely accessed bank computers to manipulate accounts and A.T.M.s.
- Banking groups make no comment
- Details expose incredible systemic vulnerability
An international group of cyber criminals have stolen at least $300,000,000 from over 100 banking and financial institutions in 30 different countries across the world - in a heist that has been described as "much more 'Ocean's 11'" than "Bonnie and Clyde" by the company investigating the theft.
Banks in Switzerland, the US, Japan, the Netherlands and particularly Russia were targeted in the past two years.
An investigation into the attacks - which was conducted by Kaspersky Lab, a Russian cyber-security company - began following an incident in Kiev where an A.T.M. started issuing cash spontaneously in 2013.
Kaspersky Lab found the bank's security system to be drastically compromised when employees opened e-mails purporting to come from their colleagues. The New York Times reports,
"The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move."
"The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators."
The investigation uncovered - though it could not identify - a global network of cyber-criminals using false bank accounts at JP Morgan Chase in the US and Agricultural Bank of China. The figure of $300 million is a conservative estimate and Kaspersky Lab speculate that the true figure may be closer to $900 million.
The malware "allowed the hackers to crawl across a bank’s network until they found employees who administered the cash transfer systems or remotely connected A.T.M.s."
"The goal was to mimic their activities,” the NYT reports a Kaspersky lab investigator as saying. "That way, everything would look like a normal, everyday transaction,”
Therefore - because no individual "transaction" ever exceeded $10 million and because they were executed from within the target bank's own system - they went undetected for two years.
No banks have admitted being subject to an attack. The American Bankers Association made no comment on the issue. The New York Times speculates that this is because the attacks are ongoing despite banks being aware of the problem.
The attacks demonstrate a shocking vulnerability in the highly interconnected global banking system. The Kaspersky Lab report gives a fascinating insight into the hackers operation.
"In some cases, they used online banking systems to transfer money to their accounts. In other cases, they ordered the banks’ A.T.M.s to dispense cash to terminals where one of their associates would be waiting."
"But the largest sums were stolen by hacking into a bank’s accounting systems and briefly manipulating account balances. Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened."
The investigators have ruled out the involvement of any governments in the scam insisting that it was conducted by an international criminal gang. In this instance the motivation appears to have been simply profit.
However, if a criminal gang can infiltrate the banking system so easily for monetary gain it is very likely that governments hostile to the West could do the same for strategic advantage.
Using the same methodology it is likely that government hackers could devise any number of strategies to manipulate or even collapse the banking system should it prove advantageous. For example, it could orchestrate bank runs.
In previous articles we have covered how many governments are involved in cyber warfare. The US, Russia, Israel and Iran have a track record of attempting to sabotage their rivals with cyber-attacks.
The Western banking system is bloated with debt and very sensitive to shocks. At the same time the biggest rivals to the West, Russia and China, are accumulating gold bullion in astounding volumes.
Certainly if the cold war were to get much hotter it would be in their interest to collapse the western banking system - and with it the bank deposits of ordinary citizens - in a bid to overthrow the dollar with tangible, gold-backed currencies.
The Russians would feel completely justified in so doing given that Russia views itself as a victim of economic warfare instigated by the West.
Owning gold is a hedge against currency collapse. We advocate owning gold in good times and bad not with a view to making profit - though this is possible - but as protection against economic crises. It is essential to own some physical gold held in safe locations outside of the banking system.
No comments:
Post a Comment