Slashdot Mirror


Hackers Breach Russian Bank and Steal $1 Million Due To Outdated Router (bleepingcomputer.com)

Catalin Cimpanu, reporting for BleepingComputer: A notorious hacker group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router. The victim of the hack is PIR Bank, which lost at least $920,000 in money it had stored in a corresponding account at the Bank of Russia. Group-IB, a Russian cyber-security firm that was called in to investigate the incident, says that after studying infected workstations and servers at PIR Bank, they collected "irrefutable digital evidence implicating MoneyTaker in the theft." Group-IB are experts in MoneyTaker tactics because they unmasked the group's existence and operations last December when they published a report on their past attacks.

24 comments

  1. Updates are hard by Anonymous Coward · · Score: 0

    It's amazing how many times we shoot ourselves in the foot for basic tasks.

  2. If hackers and bank ... by CaptainDork · · Score: 1

    ... owed $1 million that was due, or past due, to the router then maybe this was a "guilt hack." or stuff.

    --
    It little behooves the best of us to comment on the rest of us.

  3. Another Sequel by Anonymous Coward · · Score: 0

    "The DNC Strikes Back"

    -- Not A George Lucas/Lucasfilm Production

    1. Re: Another Sequel by Anonymous Coward · · Score: 0

      Nope. DNC would be the least capable people of all and the most irresponsible. I remember John Podesta's password. FYI, it was: password

  4. NSA should do this by Anonymous Coward · · Score: 0

    as part of their budget cycle and also fuck up Russia's budget

    1. Re:NSA should do this by Anonymous Coward · · Score: 0

      Fuck that... Turn Equifax loose on those pesky Russians.

  5. The Shyamalan Twist by Anonymous Coward · · Score: 0

    Group-IB created and controls MoneyTaker

  6. Ummm... by Anonymous Coward · · Score: 0

    An inside job / government job if there ever was one.

  7. someone's about to get poisoned by known_coward_69 · · Score: 1

    I see some Novichok with someone's name on it

  8. Sounds like the Onion! by snapsnap · · Score: 3, Funny

    Really, the name of the company that took the money is named MoneyTaker?

    1. Re:Sounds like the Onion! by Anonymous Coward · · Score: 0

      It is worse than that, Group-IB _is_ MoneyTaker!

    2. Re:Sounds like the Onion! by Anonymous Coward · · Score: 0

      Run by Vladimir Putin. He will just add this stolen money to his other stolen money. Unless Russians kill him first.

  9. Bank security... by Anonymous Coward · · Score: 0

    Many many years ago, I just thought that Banks must have really really good cyber-security, so that's why they don't get hacked.

    Then I learned more about how banks ACTUALLY operate (slow, non-moving dinosaurs), realized that they really _don't_ have great security, and noticed my freaking gmail account has better authentication security than my bank account (still does) and wondered why they didn't get hacked.

    Now I realize that the criminals just had to play catch-up.

  10. Oh great! by Anonymous Coward · · Score: 0

    The daily bleepingcomputer "it wuz haxx0rz!" spree. Thanks, msmash, that saves me some reading.

  11. They get hacked all the time. Not just recently by raymorris · · Score: 2

    Banks, or banking systems, get hacked fairly regularly. This isn't a new development. You might be seeing more of it in the popular press recently because the popular press has trends.

  12. How do you steal which does not exist by Anonymous Coward · · Score: 1

    I don't understand what is stolen here. There is no physical money, it's just a value stored in memory + replicated on some disks. What's stopping someone from just restoring it to its original value? If there are transactions that leave a concrete trace, why not roll them back?

    1. Re:How do you steal which does not exist by gurps_npc · · Score: 1

      Depends on the time. You can't really roll back trades that occurred a month ago.

      What happens is you have a banking network. You trust the people you deal with directly, but some of them trust people you don't entirely trust, and the 3rd party trusts even more people.

      So let's say Bank A wants to roll back 1 million dollars that went to Bank B. Bank B will definitely agree, as long as the money is still there.

      But after a day, the criminal has moved some/all to Bank C. Bank A can probably convince C to return the money.

      But after a month, some of that money has been paid out in cash, money orders were printed AND cashed, some of the money has gone to Bank H, I and J - that happen to reside in Cuba, Nigeria, and the Cayman Islands.

      At that point, people can't roll back the money. The 4th or 5th link in the chain refuses or has paid out actual cash on the account.

      --
      excitingthingstodo.blogspot.com

    2. Re:How do you steal which does not exist by Anonymous Coward · · Score: 0

      "I don't understand what is stolen here."

      Well, the part where you don't understand is correct. However you do understand what is stolen, which is money. What you don't understand is how.

      Now, I don't have a great understanding of this either, but I do know some parts of it. And it's not just "a value stored in memory"! Why? Because if that's all it was, then anyone could create new money from any currency, at any time. Would they do so? Hell yes! What would happen? Unlimited inflation, and a currency valuation of zero, and it would happen fast. Really, really fast.

      Look, the money was stolen, right? How do you "roll back the transaction" without the cooperation of the criminals? Are they going to cooperate? You seem to think that there's only one computer here, but there isn't. Not even conceptually. The debit side is one computer, and the credit side is a different computer. Likely at a different bank, and quite possibly in a different country. In order to make this all work (and work fast) there are simple, but inviolable rules that are encoded into the systems that handle electronic transactions.

      Second point. In finance there's a principle: Never unroll a transaction! It plays hell with auditing, to the point that you cannot even trust an audit. There's a strong rule that the only way to reverse a transaction is to post a reversing transaction (which is a completely separate, second transaction) that has the effect of reversing the first. It sounds like it's the same but it's not. The reason it's not is that this system is fully auditable, whereas unrolling isn't auditable. With auditing you can see what happened; without auditing you cannot, because the transactions themselves have disappeared.

      I'm not sure exactly where this principle comes from but it's probably GAAP: https://www.invensis.net/blog/finance-and-accounting/ten-generally-accepted-accounting-principles-gaap/

      OK, so why not then post a reversing transaction? You can't! You're dealing with criminals, remember? Are they going to agree to your reversing transaction? Not bloody likely... Yet without their cooperation you cannot get that reversing transaction.

      A lot of the issues at play here are encoded into the SWIFT network. SWIFT is the international banking network; nothing else comes close to the money volumes that SWIFT handles.

      https://www.investopedia.com/articles/personal-finance/050515/how-swift-system-works.asp

      I suspect there's a SWIFT rule that goes something like this: No repudiation of any validated SWIFT transaction. No exceptions!

      Once the transaction goes through, that's it. Your only chance at control of those transactions is at the front end, before it enters the SWIFT network. That's one reason why banks are so paranoid about security.
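The two points the comment above makes, that a transfer is two postings on two independent systems and that a reversal is a new entry rather than a deletion, as an added example that is not part of the thread; the ledgers, accounts and amounts are constructed, and `scenario` shows what a unilateral "restore" on the debit side does to the total money in the system.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Entry:
    """One immutable ledger line; a reversal is a new line pointing at the original."""
    seq: int
    account: str
    amount: int                      # minor units; positive = credit, negative = debit
    reverses: Optional[int] = None   # seq of the entry this one reverses, if any

class Ledger:
    """Append-only ledger for one institution: entries are added, never edited or deleted."""
    def __init__(self, name: str) -> None:
        self.name = name
        self.entries: List[Entry] = []

    def post(self, account: str, amount: int, reverses: Optional[int] = None) -> Entry:
        entry = Entry(len(self.entries) + 1, account, amount, reverses)
        self.entries.append(entry)
        return entry

    def reverse(self, seq: int) -> Entry:
        """Reverse by posting an equal and opposite entry; the original stays in the trail."""
        orig = self.entries[seq - 1]
        return self.post(orig.account, -orig.amount, reverses=seq)

    def balance(self, account: str) -> int:
        return sum(e.amount for e in self.entries if e.account == account)

def transfer(debit: Ledger, debit_acct: str, credit: Ledger, credit_acct: str, amount: int) -> Tuple[Entry, Entry]:
    """An interbank transfer is two postings on two independent systems (the two 'computers')."""
    return debit.post(debit_acct, -amount), credit.post(credit_acct, amount)

def money_supply(*ledgers: Ledger) -> int:
    """Sum of every posting everywhere; a transfer reversed on both legs leaves this at zero."""
    return sum(e.amount for ledger in ledgers for e in ledger.entries)

def scenario(counterparty_agrees: bool) -> dict:
    """Constructed case: victim bank A pays 1_000 to an account at bank B, then tries to undo it."""
    bank_a, bank_b = Ledger("A"), Ledger("B")
    d_leg, c_leg = transfer(bank_a, "victim", bank_b, "mule", 1_000)
    bank_a.reverse(d_leg.seq)          # A can always post a reversing entry for its own leg...
    if counterparty_agrees:            # ...but B's leg is only reversed if B cooperates
        bank_b.reverse(c_leg.seq)
    return {
        "victim_balance": bank_a.balance("victim"),
        "mule_balance": bank_b.balance("mule"),
        "money_supply": money_supply(bank_a, bank_b),   # non-zero means money was created
        "entries_kept": len(bank_a.entries) + len(bank_b.entries),  # nothing was ever deleted
    }
```

With `counterparty_agrees=False` the victim's balance is restored but the mule still holds the funds, so the total across both ledgers is 1_000 higher than before the transfer: the "creating money from nothing" the comment warns about, while every original posting remains in the audit trail.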

  13. Why investigate when many groups do it?! by Anonymous Coward · · Score: 0

    Many many groups conduct illegal activity, weird how Russia investigates anyway rather than taking the groups' word they were not involved...

  14. FBI by c++horde · · Score: 1

    Yep, the FBI is right. We need less secure encryption. Back doors need to exist.