It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Fraud Ring In Hacking Attack On 60 Banks
page: 17
share:
Fraud Ring In Hacking Attack On 60 Banks
news.sky.com
(visit the link for the full news article)
Sixty million euro has been stolen from bank accounts in a massive cyber bank raid after fraudsters raided dozens of financial institutions around the world....
"If all of the attempted fraud campaigns were as successful as the Netherlands example we describe in this report, the total attempted fraud could be as high as 2bn (£1.6bn)."
That's quite a haul for a day's work.
This is the biggest single bank attack I've personally ever heard of, and not a single gun was lifted at a teller by a man in a ski mask. Instead it was all done through computers. The attack is notable in terms of the large amount stolen, the large number and variety of financial institutions hit, and the "insider level" of knowledge required to make it happen, according to those mentioned in the article.
I wonder if this has anything to do with the recent multi-day system malfunction at RBS (Royal Bank of Scotland)? Coincidence?
Is anyone really safe?
news.sky.com
(visit the link for the full news article)
This is the biggest single bank attack I've personally ever heard of, and not a single gun was lifted at a teller by a man in a ski mask. Instead it was all done through computers. The attack is notable in terms of the large amount stolen, the large number and variety of financial institutions hit, and the "insider level" of knowledge required to make it happen, according to those mentioned in the article.
I wonder if this has anything to do with the recent multi-day system malfunction at RBS (Royal Bank of Scotland)? Coincidence?
Is anyone really safe?
news.sky.com
(visit the link for the full news article)
edit on 6/26/2012 by silent thunder because: (no reason given)
I was reading about this and scratching my head. If it's all electronic, don't they know which accounts the money was pilfered too? Is the money
just *poof* gone or is it in some accounts somewhere and, if so, then someone must notice those account balances just got a whole lot bigger. It seems
sketchy to me.
ETA:with regard to RBS - I was wondering the same but more along the lines of this being a bank originated scheme to disguise losses.
ETA:with regard to RBS - I was wondering the same but more along the lines of this being a bank originated scheme to disguise losses.
edit on
6/26/2012 by kosmicjack because: (no reason given)
reply to post by kosmicjack
This I don't know. I wonder if the program covers its tracks somehow or erases the information about where the money was headed. It mentions so-called "mule accounts" so I assume there was shifting among multiple accounts.
Anyone out there with experitise in electronic security for banks?
This I don't know. I wonder if the program covers its tracks somehow or erases the information about where the money was headed. It mentions so-called "mule accounts" so I assume there was shifting among multiple accounts.
Anyone out there with experitise in electronic security for banks?
reply to post by kosmicjack
Not if the bank accounts transferred to aren't from the same bank stolen from.
However there should be a transaction history from the depositing bank that would say where the money came from.
However, if that Bank is outside of that countries laws and they care not for them.
Then getting them to surrender any information would be like separating food colouring from water.
Not if the bank accounts transferred to aren't from the same bank stolen from.
However there should be a transaction history from the depositing bank that would say where the money came from.
However, if that Bank is outside of that countries laws and they care not for them.
Then getting them to surrender any information would be like separating food colouring from water.
reply to post by kosmicjack
What a professional attitude the linked article reports. Leaving compromised servers running? Really??? Like you, I suspect this may not be a hacking attempt. I read only today or yesterday that the chief guy from RBS (or another of the affected banks) said they hoped to have the problem fixed "soon". No mention of a hack.
ETA And even if the servers in the part above are not under their control, it is trivial to block access.
"They have identified 60 different servers, many of them in Russia, and they have identified one alone that has been used to steal 60m euro," Kiley said. "There are dozens of servers still grinding away at this fraud – in effect stealing money."
What a professional attitude the linked article reports. Leaving compromised servers running? Really??? Like you, I suspect this may not be a hacking attempt. I read only today or yesterday that the chief guy from RBS (or another of the affected banks) said they hoped to have the problem fixed "soon". No mention of a hack.
ETA And even if the servers in the part above are not under their control, it is trivial to block access.
edit on 26/6/12 by LightSpeedDriver
because: ETA
reply to post by silent thunder
Yes, it probably involved something along those lines. It wont be completely impossible to trace the money but it will be very difficult. By the time they find where it went the money will most likely be already transferred out of the banking system and transformed into other types of assets.
It mentions so-called "mule accounts" so I assume there was shifting among multiple accounts.
Yes, it probably involved something along those lines. It wont be completely impossible to trace the money but it will be very difficult. By the time they find where it went the money will most likely be already transferred out of the banking system and transformed into other types of assets.
Originally posted by LightSpeedDriver
reply to post by kosmicjack
"They have identified 60 different servers, many of them in Russia, and they have identified one alone that has been used to steal 60m euro," Kiley said. "There are dozens of servers still grinding away at this fraud – in effect stealing money."
What a professional attitude the linked article reports. Leaving compromised servers running? Really??? Like you, I suspect this may not be a hacking attempt. I read only today or yesterday that the chief guy from RBS (or another of the affected banks) said they hoped to have the problem fixed "soon". No mention of a hack.
ETA And even if the servers in the part above are not under their control, it is trivial to block access.edit on 26/6/12 by LightSpeedDriver because: ETA
Indeed that is highly suspicious. Quite frankly I'm surprised ONE account had 60 mill in it. Seems like someone knew exactly where to look if you ask me...
reply to post by ChaoticOrder
To say nothing of the care, attention, planning and equipment this would take "a bunch of criminals" to perform. One single access to those systems will leave some nice tell-tale information behind in the logs of some network security device, firewall, monitor, etc. Not an easy thing to know how to do without knowing EXACTLY what you're up against.
ETA Another thing I was thinking of is that, long story, me being a dumb foreigner in this country I needed to be told things, about how things worked, etc, etc. One of the things I was told was that if I make a bank deposit, online banking say and get the account number wrong, I and the bank have no legal right to take the money back. The only recourse, as I was told it, is to ask the bank to contact the account holder and ask them to return the money. If they decline, there is nothing anyone can do.
I have no idea if the same is true in my native UK but it could be a bank thing. Once the money is gone, even though they might happen to know where it went and that it was an error, their own rules don't let them correct it?
Needless to say, I always check the account number 3 times when making payments.
To say nothing of the care, attention, planning and equipment this would take "a bunch of criminals" to perform. One single access to those systems will leave some nice tell-tale information behind in the logs of some network security device, firewall, monitor, etc. Not an easy thing to know how to do without knowing EXACTLY what you're up against.
ETA Another thing I was thinking of is that, long story, me being a dumb foreigner in this country I needed to be told things, about how things worked, etc, etc. One of the things I was told was that if I make a bank deposit, online banking say and get the account number wrong, I and the bank have no legal right to take the money back. The only recourse, as I was told it, is to ask the bank to contact the account holder and ask them to return the money. If they decline, there is nothing anyone can do.
I have no idea if the same is true in my native UK but it could be a bank thing. Once the money is gone, even though they might happen to know where it went and that it was an error, their own rules don't let them correct it?
Needless to say, I always check the account number 3 times when making payments.
edit on 26/6/12 by LightSpeedDriver because: ETA
Another interesting snippet from the article:
So this software can get around the mechanisms which warn the bank when large amounts of money are being rapidly transferred? I don't understand how it could do that... I can hardly even believe they were able to compromise such a LARGE number of different banks and install malicious software on all their servers, how the hell did that manage that? It seems completely infeasible to me that any one group of hackers could penetrate such a large range of banks in such a small period of time... it's as if they figured out some sort of master key hack which makes nearly every bank server completely unprotected. And is that picture of the code near the top of the article supposed to be from the actual malicious software? The caption under the picture says "The code is believed to have attacked more than 60 financial institution"... it doesn't look like any code I've ever seen before, but it could be encoded and obfuscated.
"It can get around some of the mechanisms that alert the banking system to abnormal activity."
So this software can get around the mechanisms which warn the bank when large amounts of money are being rapidly transferred? I don't understand how it could do that... I can hardly even believe they were able to compromise such a LARGE number of different banks and install malicious software on all their servers, how the hell did that manage that? It seems completely infeasible to me that any one group of hackers could penetrate such a large range of banks in such a small period of time... it's as if they figured out some sort of master key hack which makes nearly every bank server completely unprotected. And is that picture of the code near the top of the article supposed to be from the actual malicious software? The caption under the picture says "The code is believed to have attacked more than 60 financial institution"... it doesn't look like any code I've ever seen before, but it could be encoded and obfuscated.
edit on 26/6/2012 by ChaoticOrder because: spelling
More news links:
Video: Fraud ring in hacking attack on 60 banks
Cyber criminals may have siphoned off 2 bn euros from 60 banks
Cyber attacks hit global banks for $80 mn: Study
Sophisticated bank fraud attempted to steal at least $78 million
McAfee discovers $78 million worth of sophisticated cyber attacks against banking systems
EDIT: and here's the PDF report released by McAfee:
Operation High Roller
Video: Fraud ring in hacking attack on 60 banks
Cyber criminals may have siphoned off 2 bn euros from 60 banks
Cyber attacks hit global banks for $80 mn: Study
Sophisticated bank fraud attempted to steal at least $78 million
McAfee discovers $78 million worth of sophisticated cyber attacks against banking systems
EDIT: and here's the PDF report released by McAfee:
Operation High Roller
edit on 26/6/2012 by ChaoticOrder
because: (no reason given)
From the first link in the OP
So is it related to the recent RBS / Natwest incident?
www.abovetopsecret.com...
Sky News defence and security editor Sam Kiley said: "It does include British financial institutions and has jumped over to North America and South America.
So is it related to the recent RBS / Natwest incident?
www.abovetopsecret.com...
reply to post by mr-lizard
That remains to be seen but I think that if they should "pull that card" they can kiss their bank goodbye. And hopefully a few major players in said banks will be making intimate and personal acquaintance with the inside of a 3 x 4 cell for several years, courtesy of Her Majesty's government. Let us hope that does not happen though, because many innocent people will lose a lot of money. The government will be forced to step in and uh...wait. Didn't that happen once already?
That remains to be seen but I think that if they should "pull that card" they can kiss their bank goodbye. And hopefully a few major players in said banks will be making intimate and personal acquaintance with the inside of a 3 x 4 cell for several years, courtesy of Her Majesty's government. Let us hope that does not happen though, because many innocent people will lose a lot of money. The government will be forced to step in and uh...wait. Didn't that happen once already?
Originally posted by silent thunder
reply to post by kosmicjack
This I don't know. I wonder if the program covers its tracks somehow or erases the information about where the money was headed. It mentions so-called "mule accounts" so I assume there was shifting among multiple accounts.
Anyone out there with experitise in electronic security for banks?
Mule accounts... This may sound odd, but Diablo (the PC game) was based around the concept of mules and stuff was stolen all the time, gold, items, accounts....
The idea of a mule account is very simple, you create a fraudulent account under a pseudonym with false information, you pilfer all your goods and transfer them to these mule accounts. The smaller the balance the harder to track, the more accounts you have to keep track of, the more logistically challenging it becomes to trace.
So you offload 1.2 billion into a million accounts.... How do you trace each one of those accounts individually?
Then you launder it by making it appear to be spent on goods that don't exist that you own with your real information. Sure, you'd end up giving a lot back in taxes, however -- you just became an instant 500+ millionaire.
How easy would it be to create a million bank accounts? Pretty easy if you worked in a bank for a few years and planned this in advance and had insider knowledge of the program code that the bank actually uses.
I.E.
You would have to be one of the big fish in the banking cartel already to accomplish something of this magnitude, in which case would give him a hell of a lot of power to conceal the fraud.
Could also be paypal actually, to verify your bank account you have to give them your online banking username and password on their word that they won't record it.
How easy would it be to just set up a bot to log into all these accounts and empty them to predetermined accounts setup for this specific purpose.
They could collect bank information for years and then one day your account is empty. It's not like it could ever be linked back to paypal unless they did it from locations or accounts that can be attached to the pay pal entity. Which is not likely in a hack this premeditated.
I guess someone finally beats Danny Ocean.
edit on 27-6-2012 by Laokin because: (no reason given)
Originally posted by Laokin
You would have to be one of the big fish in the banking cartel already to accomplish something of this magnitude, in which case would give him a hell of a lot of power to conceal...
I wonder, though. Maybe they simply outsourced their security to he wrong people. I could see it happening. Many managerial types lack the ability and skills to truly evaluate hardcore techies. It could simply have been a group of ambitious tech-savvy criminals with a very polished operation. Fraud rings have been proliferating in the last few years; this one is particularly large and bold but perhaps this sort of thing is to be expected.
More details are emerging:
mobile.scmagazineuk.com...
June 27, 2012
Operation High Roller, as it is now known, is a sophisticated attack on the customer accounts of 60+ banks, via internet banking, that has netted the bad guys between £46 million and £1.6 billon, depending on which article you read.
As you might have read yesterday, Operation High Roller relies on malware on a victim's PC that alters the way an internet banking site of a bank looks and reacts. The malware obtains legitimate logon and validation details from a user by tricking the user into thinking that they are responding to the banks website.
Once in possession of the details, the attacker is then able to use those details to transfer money out of the victim's bank account all while displaying an error, or 'please wait' screen to the user. Furthermore, to cover the bad guys' tracks, the malware will also remove evidence of the fraudulent transfers from the internet banking transaction list and block access to downloadable statements so it can't be traced or recovered.
mobile.scmagazineuk.com...
new topics
-
Simple Thanksgiving
Food and Cooking: 3 hours ago -
Trump could make a peaceful American Revolution
US Political Madness: 7 hours ago -
Trump Presidential Transition Team will not use GSA or Government entities to come to DC
US Political Madness: 7 hours ago -
Mind Blowing Cave under someones land
Fragile Earth: 7 hours ago -
The Party of Peace - Trump Cabinet Picks Targeted with Death Threats
US Political Madness: 8 hours ago -
V.P. Kamala Harris releases a video and nobody understands why
US Political Madness: 11 hours ago
top topics
-
D.B. Cooper mystery may be solved
General Conspiracies: 16 hours ago, 21 flags -
V.P. Kamala Harris releases a video and nobody understands why
US Political Madness: 11 hours ago, 16 flags -
The Party of Peace - Trump Cabinet Picks Targeted with Death Threats
US Political Madness: 8 hours ago, 14 flags -
Trump Presidential Transition Team will not use GSA or Government entities to come to DC
US Political Madness: 7 hours ago, 13 flags -
Trump could make a peaceful American Revolution
US Political Madness: 7 hours ago, 13 flags -
Mind Blowing Cave under someones land
Fragile Earth: 7 hours ago, 12 flags -
Simple Thanksgiving
Food and Cooking: 3 hours ago, 6 flags
active topics
-
Encouraging News Media to be MAGA-PAF Should Be a Top Priority for Trump Admin 2025-2029.
Education and Media • 81 • : WeMustCare -
The Party of Peace - Trump Cabinet Picks Targeted with Death Threats
US Political Madness • 15 • : chr0naut -
I thought Trump was the existential threat?
World War Three • 110 • : SomeStupidName -
V.P. Kamala Harris releases a video and nobody understands why
US Political Madness • 74 • : chr0naut -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7839 • : argentus -
Trump Presidential Transition Team will not use GSA or Government entities to come to DC
US Political Madness • 10 • : marg6043 -
Simple Thanksgiving
Food and Cooking • 16 • : argentus -
President-Elect DONALD TRUMP's 2nd-Term Administration Takes Shape.
Political Ideology • 255 • : NoCorruptionAllowed -
Federal law trumps state and local law every time
Social Issues and Civil Unrest • 33 • : yuppa -
The Acronym Game .. Pt.4
General Chit Chat • 995 • : JJproductions
7