How Hackers Stole $850 Million Online

KALA
Jan 28, 2021

In late 2013, bank security cameras in Ukraine captured some truly unbelievable footage. One of the bank's ATMs appeared to be dispensing cash at random, even though no one had inserted a bank card or even touched a single button. As passers-by eagerly scooped up the piles of cash, the bank scrambled to find out what the heck was going on.

Soon, they would find out that an errant ATM was the least of their problems: they had fallen victim to one of the biggest cyber attacks in history. Hackers had been working behind the scenes for years, and they had stolen 850 million dollars online!

As soon as the Ukrainian bank became aware of their ATM’s bizarre behavior, they enlisted the help of Russian cybersecurity firm Kaspersky Lab to get to the bottom of this costly and embarrassing problem. Kaspersky’s expert technicians went to work, and they soon discovered that the ATMs were not just malfunctioning: they had been hacked and rigged to spit out large amounts of cash at randomly chosen times. They quickly realized that they were dealing with something much bigger than a few errant ATMs. They had stumbled upon one of the largest and most sophisticated cyber crimes in history, and the ATMs were just the tip of the iceberg.

The diligent technicians were able to determine that a group of extremely skilled professional hackers was behind these astonishing attacks. The attacks didn’t appear to be the work of any one country or nation state. Rather, the experts determined that a tightly knit and highly sophisticated ring of cybercriminals from Russia, China and elsewhere was to blame for the unruly ATMs and many more attacks besides. The group, dubbed the Carbanak Cybergang after the malicious software they used in their attacks, had stolen more than 850 million dollars from hundreds of banks all over the world.

As technicians continued their investigation, they came to realize that these attacks had been going on for years, and that the group had targeted countless banks in countries all over the world. In fact, the attacks continued even as Kaspersky Lab’s technicians were uncovering more and more evidence of the hackers’ activities. As they uncovered the details of the hackers’ crimes, the group continued to steal thousands of dollars a day from the world’s banks.

Part of the reason that the hackers were able to successfully rob so many banks for years without raising suspicion is that they employed multiple different strategies in their thefts, making it hard to link their various raids back to a single source. The Carbanak Cybergang had 3 major strategies for robbing the unsuspecting banks. The first, of course, was the rigged ATMs.

The cyber gangsters were able to remotely hack into the banks’ ATM networks, and from hundreds of miles away they could rig the machines to randomly dispense cash. The hackers could arrange for specific machines to spit out piles of cash without requiring a bank card to be inserted or any buttons to be pressed. All the hackers would have to do is station someone nearby to scoop up their haul, and they could walk away with thousands of dollars.

And, since passersby often got in on the fun, the hackers were able to take their cash and disappear into the crowd, allowing them to get away unnoticed.

While rigged ATMs were a convenient way for the hackers to access their hoards of stolen cash, it was also a highly visible and suspicious tactic, and they frequently had to battle against bystanders for their take. The hackers had other, more advanced tricks up their sleeves, though.

A more advanced tactic involved gaining access to the accounts of the banks’ clients and using them to funnel stolen funds into the hands of the hackers. Once the hackers had infiltrated the banks’ network, they would implement a scheme that involved significantly inflating the balance of a client’s account before transferring the excess funds into their own accounts.

For example, a client’s account may have had an initial balance of 1,000 dollars, before the hackers got a hold of it and inflated the balance to 10,000 dollars. The hackers would then transfer 9,000 dollars to their own accounts, and the client would be none the wiser, since their balance would appear to have remained unchanged. Inflating accounts was an easy way for the hackers to make off with tens of thousands of dollars for just a few hours’ work, but they had their eyes on even bigger targets. The biggest sums of money were stolen in the boldest and most sophisticated online raids.

Once the hackers had gained access to the banks’ internal network, they were able to do much more than simply alter bank account balances. With unfettered access to the banks’ internal workings, the hackers were able to initiate huge cash transfers from the banks’ accounts into their own accounts using the banks’ internal cash transfer system.

Using the banks’ own accounts meant that they didn’t have to worry about transfer limits or large transaction alerts on personal accounts. Instead, they were often able to make off with millions of dollars from a single raid, and by the time the banks noticed what had happened, the hackers were long gone, enjoying their spoils hundreds of miles away.
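The account-inflation scheme described earlier leaves the customer's visible balance unchanged, so the discrepancy only shows up when stored balances are reconciled against the transaction journal. The following is an added example, not code from the article or from Kaspersky Lab: it assumes the inflation was made by editing the stored balance with no journal entry, that accounts have no overdraft, and all account IDs and figures are constructed.

```python
from decimal import Decimal

# Constructed sample data mirroring the article's 1,000 -> 10,000 -> 9,000-out case.
OPENING = {"ACC-1001": Decimal("1000.00"), "ACC-2002": Decimal("5000.00")}
JOURNAL = [  # (account, signed amount, reference); debits are negative
    ("ACC-1001", Decimal("-9000.00"), "wire to external account"),
    ("ACC-2002", Decimal("250.00"), "salary deposit"),
]
CLOSING = {"ACC-1001": Decimal("1000.00"), "ACC-2002": Decimal("5250.00")}


def reconcile(opening, journal, closing):
    """Replay the journal over opening balances and report every account whose
    stored closing balance the journal cannot explain."""
    running = dict(opening)
    uncovered = {}  # account -> first debit that journaled funds could not cover
    for account, amount, ref in journal:
        running[account] = running.get(account, Decimal("0")) + amount
        # A debit that drives the replayed balance negative was paid out of
        # money that never entered the account through the journal.
        if amount < 0 and running[account] < 0 and account not in uncovered:
            uncovered[account] = ref
    findings = []
    for account in sorted(set(running) | set(closing)):
        expected = running.get(account, Decimal("0"))
        stored = closing.get(account, Decimal("0"))
        if stored != expected or account in uncovered:
            findings.append({
                "account": account,
                "unexplained": stored - expected,  # value created outside the journal
                "uncovered_debit": uncovered.get(account),
            })
    return findings


if __name__ == "__main__":
    for finding in reconcile(OPENING, JOURNAL, CLOSING):
        print(finding)
```

The untouched account reconciles cleanly, while the inflated one is flagged both for the unexplained value and for the outbound transfer it funded.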

These strategies were incredibly lucrative for the hackers. Losses per bank ranged from 2.5 million dollars on the low end up to 10 million dollars or more for some of the hardest hit institutions. One bank reported that 10 million dollars was stolen during a single raid of their online platform, while another bank lost 7.3 million dollars through the gang’s ATM scheme. Altogether, the Carbanak Cybergang is thought to have stolen upwards of 1 billion Euros from the world’s financial institutions.

Rigging ATMs and funneling thousands of dollars through client accounts is one thing, but stealing tens of millions from the banks’ own accounts is quite another. How on earth did the hackers get away with such audacious crimes? Part of it has to do with geography. Over a 2 year period, the hackers raided more than 100 different banks in 30 different countries around the world, making it nearly impossible to link the attacks to a single group, and allowing the hackers to stay one step ahead of the banks and the authorities.

Most of the targeted banks were located in Russia, Ukraine and China, although the hackers also hit banks in the United States, Germany, and countless other countries. Stolen funds were funneled into fraudulent destination accounts that were also hidden all over the world; much of the stolen money ended up in accounts in the U.S., China and Russia.

Another reason the hackers were able to get away with their schemes for so long is that they targeted the banks themselves, not the banks’ clients. Had the hackers been stealing directly from customers’ accounts, the clients would have been quick to notice and to raise the alarm, and the banks would have had no choice but to investigate and publicly acknowledge the theft. Because the hackers targeted the banks’ own internal accounts instead, the embarrassed banks were eager to keep the details of the thefts under wraps, which made it unlikely that they would connect their own robbery to raids at other banks and made it harder for investigators to immediately realize the true size and scope of these attacks.

While targeting the banks themselves and hitting targets all over the world certainly helped the hackers keep a low profile, their best weapon was their incredible patience. According to Chris Doggett, Kaspersky Lab’s North American Managing Director, most cyber criminals simply smash their way into a system, take whatever they can grab quickly, and run before they get caught. The Carbanak Cybergang, on the other hand, was much more “Ocean’s Eleven than Bonnie and Clyde”, as Doggett puts it. It would often take the hackers between 2 and 4 months to complete a single raid, and their process was highly sophisticated.

Kaspersky Lab’s Doggett notes that the Carbanak raids were particularly worrisome for banks because it didn’t matter what software the banks used; the hackers could find a way in. Even the most advanced proprietary software proved no match for the hackers, who were using a rather simple method for gaining access to the banks’ internal networks: a good old-fashioned phishing email. Phishing is one of the oldest forms of cyber attacks, dating back to the 1990s, and it is still one of the most widespread cybersecurity threats. Americans alone lose 57 million dollars a year to phishing scams.

To read the full article please visit https://www.kalilinuxtips.online/how-hackers-stole-850-million-dollars-online/
