Slashdot Mirror
The Biggest Digital Heist in History Isn't Over Yet (bloomberg.com)
There are cyberheists, and then there's Carbanak, a cybercriminal gang that has stolen about $1.2 billion from more than 100 banks in 40 nations. The suspected 34-year-old ringleader is under arrest, but the whopping $1.2 billion amount remains missing. And to add insult to the injury, the malware attacks live on. Bloomberg Businessweek has an insightful story on this, which includes comments from none other than Europol itself, on the chase to catch Carabanak which has lasted for three years. Some excerpts from the story: Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn't created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it.
Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union's law enforcement agency. The string of thefts, collectively dubbed Carbanak -- a mashup of a hacking program and the word "bank" -- is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that's become the stuff of legend in the digital underworld.
Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses.
Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union's law enforcement agency. The string of thefts, collectively dubbed Carbanak -- a mashup of a hacking program and the word "bank" -- is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that's become the stuff of legend in the digital underworld.
Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses.
Wow. So, who will be playing Carbanak in the movie? Brad Pitt?
http://www.geoffreylandis.com
You really protected us from the bad guys by building these tools and NOT plugging the holes they use
The biggest digital heist was when the banks took billions in public money to bail themselves out in 2008.
Can you heist a heist?
Actually the heist which immediately preceded that ... packaging junk debt as AAA and selling it to other people.
Essentially some greedy American assholes stole billions of dollars from the entire fucking world.
The banks got bailed out, the people around the world who got conned into buying garbage American debt, not so much.
How the people who rated that debt AAA didn't end up in prison, I have no idea. Because there is no way they didn't know they were part of a scam.
A primary concern is ensuring the science is strong enough to distinguish a normal transaction from a transaction masquerading as one.
...then, in March, the Spanish National Police arrested Ukrainian citizen Denis Katana...
Wait... he's named katana?! Really?
No way. That has got to be a pseudonym.
http://www.geoffreylandis.com
They mean social engineering... duh.
But it sounds way better when they call it "espionage methods used by intelligence agencies" instead of "abusive communication methods used daily by banking employees to sell you loans you don't need".
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Extremely hard, actually.
Case in point, the heist of the Bangladesh Central Bank. They laundered that money through the casino's in the Philippines, who didn't track the money as well as they should have. So you enter with money, buy chips, lose a bit and then move your chips to your pal. He cashes out and now he has legit money.
They did catch the money mules, but they were very unwilling to talk. Later they discovered it was probably North Korea doing the robbing, so that was understandable. The money will never be recovered.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
> But I don't suppose they took 1.2 billion out of ATMs. So most of it just went from bank account to bank account to bank account. How hard can it be to trace?
If the crooks were stupid, they would have transferred it from the victim bank into the crook's personal Wells Fargo account, and left it there. The crooks weren't stupid.
The move it around through several countries right away, then use burner accounts in whichever countries to buy goods, things like laptops, gold, diamonds, etc. Move the diamonds, laptops, gold, whatever to another country where the government officials are part of a fencing operation, etc.
The banks were greedy, but they weren't alone. The ratings agencies should have been fined/jailed as well. They LIED about the quality of the bonds (at the bank's behest) and participated in the scam.
Fraud is fraud is fraud.