Banks Bilked Out Of More Than $1 Billion

Reuters is reporting that Kaspersky Labs is working with Interpol, Europol and other law enforcement authorities to ferret out more details of the attack, but they have announced several details.

Gene Kaspersky, founder and head of Kaspersky Labs, is well known in white hat (good guy) hacking circles. His public pronouncements, while sometimes flashy, usually hold water, so it is likely that the facts that have been released are accurate.

The attacks, which have looted 100 banks for more than a billion dollars (which you and I get to pay for in the form of higher fees and lower interest payments), have taken several forms.

The first form, which I have reported on in the past (see this post), uses a spear phishing attack to get inside the bank and then inside the ATM network.  The hacker then causes the ATM to dispense inappropriate bills to the hacker’s accomplice who is at the ATM at that moment.

The second form is even more creative. After hacking into the banks in the same way, the hackers watch the video surveillance feeds to figure out the “normal” ways bank employees behave. They then add a sum of money to someone’s account and later, using what they learned watching the video, transfer it to their own account. Since the customer’s balance is unchanged in the end, the customer is less likely to notice it. To the bank, it just looks like a regular deposit and later a withdrawal. It is likely that the funds are wired out to a bogus account set up by the hackers and then drained.
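A defender's view of that second form, as an added example that is not from the original post or from Kaspersky: it flags a credit that is followed shortly by an equal debit to a beneficiary the account has never paid before. The ledger layout, account and counterparty names, and the 24-hour window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample ledger (not real data):
# (timestamp, account, kind, amount_in_cents, counterparty)
LEDGER = [
    ("2015-01-05T09:00", "ACC-1", "credit", 250_000, "PAYROLL-CO"),
    ("2015-01-06T10:00", "ACC-1", "debit", 120_000, "LANDLORD"),
    ("2015-01-11T12:00", "ACC-2", "debit", 50_000, "LANDLORD"),
    ("2015-02-05T09:00", "ACC-1", "credit", 250_000, "PAYROLL-CO"),
    ("2015-02-06T10:00", "ACC-1", "debit", 120_000, "LANDLORD"),
    ("2015-02-10T03:12", "ACC-1", "credit", 9_000_000, "INTERNAL-ADJ"),
    ("2015-02-10T03:40", "ACC-1", "debit", 9_000_000, "EXT-77"),
    ("2015-02-11T11:00", "ACC-2", "credit", 50_000, "REFUND"),
    ("2015-02-11T12:00", "ACC-2", "debit", 50_000, "LANDLORD"),
]


def find_wash_through(ledger, window=timedelta(hours=24)):
    """Return (account, amount, credit_ts, debit_ts, beneficiary) for every credit
    followed within `window` by an equal debit to a first-time beneficiary."""
    rows = sorted(
        (datetime.fromisoformat(ts), acct, kind, amt, cp)
        for ts, acct, kind, amt, cp in ledger
    )
    paid_before = {}  # account -> beneficiaries this account has already paid
    open_credits = {}  # account -> [(timestamp, amount)] not yet paired with a debit
    hits = []
    for ts, acct, kind, amt, cp in rows:
        if kind == "credit":
            open_credits.setdefault(acct, []).append((ts, amt))
            continue
        known = paid_before.setdefault(acct, set())
        if cp not in known:
            # Net-zero pair: same amount in, then out to an unfamiliar destination.
            for credit in open_credits.get(acct, []):
                if credit[1] == amt and ts - credit[0] <= window:
                    hits.append((acct, amt, credit[0].isoformat(), ts.isoformat(), cp))
                    open_credits[acct].remove(credit)
                    break
        known.add(cp)
    return hits


if __name__ == "__main__":
    for hit in find_wash_through(LEDGER):
        print(hit)
```

The customer's balance is the same before and after the flagged pair, which is why a check on the pairing of entries catches what a check on balances would miss.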

Pulling off these attacks requires a great deal of technical skill and logistics, so this is the work of a professional team, possibly state sponsored.

Unfortunately for the banks – and ultimately us – this is a pretty expensive caper.

According to Kaspersky, these attacks are still going on. With 100 affected banks already found, it is unknown how many more have not been discovered.

The common components here are successful phishing attacks on administrators at the banks and a lack of effective segmentation between the different parts of the bank, like the ATM network, the surveillance network and the corporate network. Usually segmentation is missing because it would be inconvenient for the employees. So is losing a billion dollars.