Most Effective Bank Robbing Tool? The Keyboard, Apparently
Russian security company Kapersky Labs, which was hired by a Ukranian bank in 2013 to investigate an ATM that randomly dispensed cash without even an ATM card present, is credited with discovering one of the biggest bank robberies in history.
The firm’s investigation revealed that cyber criminals installed malware on bank systems which allowed them to study the behavior of bank employees and then impersonate them, transferring millions to accounts in China and America. Most of the banks targeted were in Russia, but other countries were targeted as well, including the United States, Switzerland, and the Netherlands.
The 300 Million Dollar Mystery
Perhaps more interesting, no bank has yet acknowledged the thefts nor notified their customers of them. Common sense would lead one to believe that if that much money goes missing, someone somewhere is going to be held responsible. But as of yet, the American Bankers Association along with other mouthpieces for the banking industry have remained eerily silent. Only the Financial Services Information Sharing and Analysis Center has spoken on the matter, and only to confirm that its members had been made aware of the theft.
Bank robberies happen every day, in every country, and have for as long as banks have existed. Putting a large store of value in a central location and letting everyone know that it’s there is a good way of attracting that sort of crime. But usually bank robberies require overwhelming use of violence and terrorism to achieve their ends. They are rarely as sophisticated and ongoing as this unless they are done from the inside, that is, embezzlement.
Account Holders Were Not the Target
The hackers stole the money in a number of different ways. One of them was through inflation of balances. They would take a user’s balance and increase it by a great deal, then transfer the increase to a destination account in the United States or China. In this way, the actual account holder would rarely even notice (his balance had been left the same), and the bank would take at least four hours to notice, if at all, and would then be puzzled. All the while, the hackers had video feed and complete control of several bank systems, so countermeasures or detection would be known to them in advance.
In the absence of enough hard facts, speculation flourishes. Users of the popular hacker Facebook page, 2600: A Hacker Quarterly, speculated that it could be ISIS related. One user wrote:
Gee, I can’t imagine where all that money went. They’ll be picking up that guy tomorrow morning or scraping him together into a puddle of GOO if they find out he has ISIS links.
However, at this time, the story is still developing. Since it appears that in most cases the victims were not the account holders, but the banks themselves, actual numbers and dates will be slow to reach the light of day, if at all. This can be attributed to the need for a good reputation – people generally want to bank with someone they can trust not to get robbed, and these attacks make the victimized banks look like goldfish in a shark tank.
Images from Shutterstock.