back to article Hackers break the bank to the tune of $300 MEEELLION

A series of bank hacker heists have hit more than 100 financial institutions, say Kaspersky researchers, and more than US$300 million appears to have walked as a result. The attacks targeted employees at as-yet-unnamed banks with malware dubbed Carbanak that gave access to corporate networks, giving criminals access for more …

  1. Mark 85
    Flame

    Two years? Up to a Billion+?

    With that kind of take, one would think that the money grabbers would have been long gone before anyone noticed. I guess it's easy to get carried away in the greed.

    Audits never caught onto this? I suppose the banks' next step will be to ask for their governments to reimburse them? Which should be a crime unto itself for having security holes allowing someone to drive an armored bank truck through. Some high up heads should roll for this though they'll probably blame some low-level IT guy....

    1. Ole Juul

      Re: Two years? Up to a Billion+?

      I suppose the banks' next step will be to ask for their governments to reimburse them?

      Of course. That's cheaper than any other insurance, and saves the bother and expense of fixing the door.

    2. BongoJoe

      Re: Two years? Up to a Billion+?

      Audits? You mean like the vapour-ware EU audits?

  2. Anonymous Coward
    Anonymous Coward

    Sudden wealth

    How does one go about hiding the fact that one is now very very rich, with no good explanation? Looks like the ripoff was the easy part. Of course, it could be bigger players (govts, multinationals), but for them the take is too low compared to the risks.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sudden wealth

      A lot of banks don't seem to be too concerned with where your money came from. In the US and EU they are because of the government, but do they really care that much in Russia and China?

    2. Anonymous Coward
      Anonymous Coward

      Re: Sudden wealth

      "How does one go about hiding the fact that one is now very very rich, with no good explanation?"

      You use HSBC Swiss private banking.

    3. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: Sudden wealth

        You have to transfer money into that company you "registered somewhere" from wherever it is now (and if a lot of it is cash collected from many thousands of ATMs, that is even more difficult)

        If you think it is that simple, you would probably end up being nabbed by the authorities before you even got a chance to move to this other country if you are starting from the US, UK or EU. The only question is whether they'll assume you are laundering drug money, conducting arms deals or funding international terrorism.

  3. Winkypop Silver badge
    Joke

    Are they sure it was hackers?

    It could have just been a few Bank Execs taking out their annual [cough] performance bonuses.

  4. Daniel B.
    Boffin

    Malware?

    Interesting that plain old malware would give hackers access to sensitive banking systems. Maybe those banks are relying too much on Windows? Either that, or they targeted banks with really bad security systems ... or both things.

    And even with lax security, I'm amazed that daily reconciliation didn't catch up with this. Because most of the "hacking cases" I've known about are caught by this, and the would-be rich hackers will instead end up in jail when they try to withdraw their iffy funds.

    1. T. F. M. Reader

      Re: Malware?

      Maybe those banks are relying too much on Windows?

      To an extent, insofar as the initial attack vector was, allegedly, phishing emails read by clerks who were, probably, using Windows. The actual malware (at least initial stages) could be assembly-based, so your question could be phrased as "Maybe those banks are relying too much on $(uname -m)?"

      I'm amazed that daily reconciliation didn't catch up with this.

      Reconciliation wouldn't. The operations were disguised as transactions, so your money would be wired to another bank and the two banks would reconcile without a hitch. Note the following tidbit from the article: "criminals [...] sought out employees charged with administering cash transfer and ATMs" - apparently it all started and/or ended with cash. Started with fake cash transactions, ended with real ones?

      Having said that, and not knowing any details, I assume there were both serious security shortcomings (beyond careless employees who click on juicy links and attachments on the same computer that handles their customers' money) and procedural/accounting gaps involved.

  5. Destroy All Monsters Silver badge
    Paris Hilton

    "fleeced $7.3 million through ATM withdrawals"

    Seriously, HOW?

    Even with $1000 per day, that's still 7300 days standing at the ATM.

    1. Anonymous IV

      Re: "fleeced $7.3 million through ATM withdrawals"

      Perhaps the criminals were sufficiently sophisticated to use more than one ATM?

      1. Anonymous Coward
        Anonymous Coward

        Re: "fleeced $7.3 million through ATM withdrawals"

        He refers to a daily cash withdrawal limit via ATM of $1000 from any account which means it doesn't make a jot of difference which or how many ATMs you use but I would posit that anyone with several million in readily available funds in their account could have a much higher limit making both your points void..

        1. DropBear

          Re: "fleeced $7.3 million through ATM withdrawals"

          He refers to a daily cash withdrawal limit

          Perhaps the criminals were sufficiently sophisticated to use more than one accont?

          1. Anonymous Coward
            Anonymous Coward

            Re: "fleeced $7.3 million through ATM withdrawals"

            Time for the banks to go back to dumb terminals for staff?

  6. Geoffrey Thomas

    Fixed.

    "Time for the banks to go back to no terminals for dumb staff?

    1. phil dude
      Joke

      Re: Fixed. pt 2

      "Time for the banks to go back to no staff, just goblins?"

      P.

  7. Anonymous Coward
    Anonymous Coward

    Time for the banks to go back to

    Full time IT security staff, maybe ?

    Apparently they were fired and some went to work for the Russian mob.

    Either way, 10,000,000 sounds like one serious leaving bonus.

  8. Runty Dog

    one to two years to get to billions...

    I dunno, the US media has already inflated the take to a BEEEEELION!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like