Accessibility links

Security Firm: Cybercrime Ring Stole Up to $1B From Banks

  • Reuters

FILE - An employee works at the headquarters of Kaspersky Labs, a computer security company in Moscow.

FILE - An employee works at the headquarters of Kaspersky Labs, a computer security company in Moscow.

A multinational gang of cybercriminals has stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years, Russian computer security company Kaspersky Labs said Saturday.

The company said it was working with Interpol, Europol and authorities from different countries to try to uncover more details on what it called an unprecedented robbery.

The gang, which Kaspersky dubbed Carbanak, takes the unusual approach of stealing directly from banks, rather than posing as customers to withdraw money from companies' or individuals' accounts. It said the gang included cybercriminals from Europe, including Russia and Ukraine, as well as China.

Carbanak thieves used carefully crafted emails to trick pre-selected employees into opening malicious software files, a common technique known as spear phishing, the company said. They were then able to get into the internal network and track down administrators' computers for video surveillance.

In this way, Kaspersky said, the criminals learned how the bank clerks worked and could mimic their activity when transferring the money.

In some cases, Carbanak inflated account balances before pocketing the extra funds through a fraudulent transaction. Because the legitimate funds were still there, the account holder would not suspect a problem.

Kaspersky said Carbanak also remotely seized control of ATMs and ordered them to dispense cash at a predetermined time, when a gang member would be waiting to collect the money.

"These attacks again underline the fact that criminals will exploit any vulnerability in any system,'' Sanjay Virmani, director of Interpol Digital Crime Center, said in a statement prepared by Kaspersky. "It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.''

XS
SM
MD
LG