Breaking: 60 million euros stolen from bank accounts in organised cyber bank raid
Last edited Tue Jun 26, 2012, 03:29 PM - Edit history (1)
Source: Sky News
60 million euros stolen from bank accounts in organised cyber bank raid, attacks mainly targeted Italian, German and Dutch banks.
Read more: https://twitter.com/SkyNewsBreak/status/217557091915796480
Sky News just Tweeted this.
formercia
(18,479 posts)Inquiring minds want to know.
clang1
(884 posts)Egalitarian Thug
(12,448 posts)clang1
(884 posts)Last edited Tue Jun 26, 2012, 03:52 PM - Edit history (4)
to just what this is supposed to mean exactly: 'insider level of understanding'. Sounds made up even, but...Hmmm. Via computer, yes, someone on the inside? But then they mention servers... Hmmm. What does it mean.. Heh. Heh.
Very interesting article.
It must refer to knowledge. Yes. They stole the money, they understand how various systems work INSIDE. --Perhaps that is what it means. It does. Interesting. Not good one bit. I wonder what sort of banking. This is way more than, let's say, just 'keylogging' on a workstation with home banking software installed.
Very, very basic doc, but this might help people understand the basics:
ONLINE BANKING SECURITY 101: UNDERSTANDING YOUR RISKS
http://www.sqnetworks.com/wp-content/uploads/2010/11/AOS_ONLINE%20BANKING%20SECURITY%20101.pdf
These attacks sound much more sophistacted than those in the PDF. They are in fact.
Yep.....
http://www.reuters.com/article/2012/06/26/us-online-bankfraud-idUSBRE85P04620120626
New bank theft software hits three continents: researchers
By Joseph Menn
SAN FRANCISCO | Tue Jun 26, 2012 12:04am EDT
SAN FRANCISCO (Reuters) - A new wave of automated hacking of online bank accounts might have stolen $78 million in the past year from customers in Europe, Latin America and the United States, according to researchers who peered into the computers of the hacking gangs.
The groups used recent improvements to two families of existing malicious software, known as Zeus and SpyEye, which lodged on the computers of clients at 60 banks.
While previous versions of the software have proved adept at stealing logon information, the latest variants automate the subsequent transfer of funds to accounts controlled by accomplices.
"This looks like the beginning of a new technique," said Guardian's Vice President Craig Priess, whose firm specializes in protecting banks.
The software is sophisticated enough to defeat "chip and PIN" and other two-factor authentication and to avoid transferring the entire contents of an account at one time, which can trigger review, according to the study.
"Someone designing this system has insider knowledge as to what the banks are looking for," said Dave Marcus, research director at Mcafee Labs.
Server logs viewed by the researchers saw commands from the fraud rings to transfer a total of $78 million, including $130,000 from one account. The banks may have been able to block some of those transactions, the researchers acknowledged.
MONEY MULES
Though written and controlled by different groups, SpyEye and Zeus share the ability to be installed on computers that visit malicious websites or legitimate pages that have been compromised by hackers, as well as through tainted links in emails.
The programs already have used a technique called "web injection" to generate new entry fields when victims log on to any number of banks or other sensitive websites. Instead of seeing a bank ask for an account number and password, for example, a victimized user sees requests for both of those and an ATM card number. All that information is sent to the hacker, who signs in and transfers money to an accomplice's account.
Those transfers can be time-consuming, and the hacker has to consider how much can be sent at once without drawing attention. Multiple, smaller transfers are preferable but take more time.
Trend Micro spoke online with sellers of the automated transfer modules who were based in Russia, Ukraine and Romania, where arrests and prosecutions are rare. It said the new software costs between $300 and $4,000.
(Editing by Daniel Magnowski)
muriel_volestrangler
(101,352 posts)A global fraud ring has been targeting high net-worth businesses and individuals has netted the criminals an estimated $78 million (60 million euros).
According to McAfee and Guardian Analytics which today issued a report on the fraud, "Dissecting Operation High Roller," the attacks, first identified this winter, have hit 60 or more institutions and the total amount stolen may in fact be may be much higher.
The two security firms say they have tracked "at least a dozen groups" that are relying on "server-side components and heavy automation" with about 60 servers processing thousands of attempted thefts from commercial accounts and the rich. This appears to be happening mainly in the European Union countries, though there's also evidence of it in Latin America and the U.S. These attacks are said to differ from the known malware-based SpyEye and Zeus attacks in that they are far more automated and usually done without human intervention.
"The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign," said Dave Marcus, McAfee director of advanced research and threat intelligence.
http://www.pcadvisor.co.uk/news/security/3366420/bank-hack-operation-high-roller-has-netted-78m-so-far/