Banking Fraud Campaign Steals 500k Euros In a Week
An anonymous reader writes: "The experts at Kaspersky Lab have discovered evidence of a targeted attack against the clients of a large European bank. According to the logs found in the server used by the attackers, apparently in the space of just one week cybercriminals stole more than half a million euros from accounts in the bank. The experts also detected transaction logs on the server, containing information about which sums of money were taken from which accounts. All in all, more than 190 victims could be identified, most of them located in Italy and Turkey. The sums stolen from each bank account, according to the logs, ranged between 1,700 and 39,000 euros."
Banking fraud here in America steals entire QE packages.
http://inthesetimes.com/news/entry/14886/the_excel_spreadsheet_error_that_justified_global_austerity
One thing I don't really understand, and the article doesn't mention, is how exactly they know this was a targeted attack. The way the article reads, it sounds like a bunch of people got infected with a Zeus variant and had their banking details stolen off their computers, and coincidentally, a bunch of them happened to use the same large European bank. I'm willing to bet that some of those victims probably didn't use the bank in question, and that there are financial losses ranging outside of that one bank.
That said, this isn't a very good article, because it doesn't mention how they think the malware got onto these people's computers or even which bank was supposedly "targeted".
“On the C&C server we detected there was no information as to which specific malware program was used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) have that necessary capability. We believe the malware used in this campaign could be a Zeus flavor using sophisticated web injects on the victims”
The C&C server probably runs Linux. The stolen victims probably run Windows.
but how long would you want to hang around the scene of the crime?
It seems like most folks, who happen across a revenue stream from which a pinstriped suit is one possible future, would be best served by a quick-in/quick-out strategy.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
OMG let's make banks illegal, it is the next bitcoin.
This story nicely illustrates that even the old financial system with its chargebacks and deposit insurances is not immune to scam and theft.
Sometimes it's about product choice and need. I use a Cyberstat wifi thermostat. Simple and relatively low cost programmable and remotely accessible. Not really "automation" but gives you control from anywhere... what more does one really need?
Since this is all done electronically, what do the thieves do to prevent the banks from tracking where the money went? Why would banks allow transfers to institutions that don't allow the money to be tracked and returned?
There must be a good reason. If all it takes is account information any bank employee could make himself rich first week on the job. My take on it is banks move a lot of "questionable" money around so explicit details of every transaction are purposely not recorded.
They don't. They need to buy something with the money or withdraw them. The transfers can easily be undone and the money will return to where they were taken from unless they are fully out of the electronic system.
They don't. They need to buy something with the money or withdraw them. The transfers can easily be undone and the money will return to where they were taken from unless they are fully out of the electronic system.
Not really,
You launder electronic money in the same way you launder physical money. Through a semi-legit shell company. You don't need to take it out of the electronic system, you just need to take it out of the bank's direct control. You can't actually do a chargeback when you don't know where the money went after step 2 because the shell company shut down and the "directors" are nowhere to be seen.
When you do a chargeback after being defrauded, banks eat the cost because they want to keep you addicted to the credit which earns them a very large mint in merchant service and interchange fees. The loss of you going back to cash or debit is worth thousands per year.
Calling someone a "hater" only means you can not rationally rebut their argument.
Ok, let's elaborate...
Usually, the C&C server is a rented virtual server, hosted on a "cloud provider" with little regard to identity verification. Those servers are always paid for with money from an untraceable source (like Webmoney or Western Union). This makes it very difficult to track identities from the server to the money, and from the money to the owners of it.
VPS providers running Linux are plenty out there. And a remote Linux server is easier to manage than a remote Windows server [citation needed]. Deploying the C&C server infrastructure on Linux, using stolen SSH passwords with bots, is way easier than doing the same using rdesktop to deploy the infrastructure on hacked Windows servers.
So, probably the server is a virtual Linux server sitting on a datacenter, and the owners of the datacenter may not be aware of the fact that they host a C&C Server.
On the client side, they are surely running Windows. Compromising a Windows user is easier than a Linux user. Linux users generally do not run SSH, Apache, MySQL et al. Linux servers do. On the other side, there's a massive amount of pirated versions of Windows XP vulnerable to a wide range of local and remote exploits. Sending a threatening email with a link is a very easy way to get a user to hit a site hosting an exploit pack and get infected. From there, the computer is owned and the user is owned as well.
It can be a directed phishing. If someone had access to the bank's client list, they can send a very convincing email with real data, and get a lot of customers infected. If they send a generic email to a lot of unrelated people, someone will notice and probably inform the bank of the attack.