In what many experts are now considering to be the most serious and damaging cybercrime of all time, Russian hackers have allegedly stolen nearly £650 million from a series of international banks, including financial institutions in China, the United Kingdom, Japan and the EU at large. The crime was uncovered after it was discovered that cash machines in the Ukraine were releasing large sums of money at seemingly random intervals. In order to determine the source behind this strange behavior, Russian-based cybersecurity firm Kaspersky Lab was called in to investigate.
After their inquiries, these experts uncovered a staggering infrastructure which has been developed over the course of two years. According to Kaspersky Lab, the operation was multi-phase in nature, involving both the installation of malware on internal computer systems within various banking networks, as well as mimicry of banking personnel made possible by illegal surveillance which occurred after the hackers had managed to break into the security systems of the banks they were planning to steal from and use custom designed money transfer software to achieve their desired goals.
Experts believe that the duration of time needed following the installation of the malware until the actual theft was between two to four months per bank. According to Sergey Golovanov, a member of the Kaspersky Lab team tasked within investigating the case, “These bank heists were surprising because it made no difference to the criminals what software the banks were using...It was a very slick and professional cyber robbery.”
Are we entering a new era of cybercrime? The changes are good that security professionals will be required to dramatically improve and refine pre-existing systems throughout the banking world in order that a theft of such magnitude does not happen again. It is also important to note that such trespasses can also occur in virtually any other large industry as well. To effectively counter this increases threat, cybercrime professionals must remain vigilant and do their best to limit the number of opportunities that cyber criminals may be able to exploit for personal gain. In the worlds of Golovanov, “even if the money transfer software is unique, a bank cannot get complacent.”
It will be interesting to observe whether or not these criminals will be brought to justice, and, if so, what authorities can learn from the tactics these hackers used.