The criminals used malware called Carbanak, planted in a bank in the Ukranian capital Kiev to set off a string of undercover operations that disguised them as normal bank procedure.
Kaspersky won’t reveal the names of the banks hit because of nondisclosure agreements but the White House and the FBI have been briefed on the findings.
The thefts were limited to $10 million a transaction with some banks hit several times, the modest hauls failing to set alarm bells ringing.
The majority of the targets were in Russia, but other were in Japan, the US and Europe. It’s not known if any Australian banks were targeted.
The thefts have triggered a massive international search by anti-crime organisations across the globe to find and prosecute the perpetrators of the heist. It was an operation of stunning simplicity and probably masterminded by someone with intimate knowledge of international bank operations and IT systems.
In late 2013, an ATM in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button but the piles of money were swept up by customers who appeared lucky to be there at the right moment.
When Kaspersky Lab investigated, it discovered the errant machine was the least of the Ukranian bank’s problems. Internal computers had been penetrated by malware that allowed cybercriminals to record passwords, transactions and other security details.
The malware recorded keystrokes and screen shots of the bank’s computers enabling the hackers to control the banks’ computers remotely.
The group then impersonated bank officers, turning on cash machines and transferring millions of dollars into dummy accounts set up in several countries.
Interpol digital crimes specialists in Singapore are coordinating the investigation with law enforcement in affected countries.
|
