Cyber Gang Beats Global Banks Out of Billions: Phishing Catches Whales

Brokerdealer.com blog update courtesy of David E. Sanger and Nicole Perlroth of the New York Times.

According to a just-released investigation conducted by cybersecurity firm Kaspersky Lab, a modern-day gang of cybercriminals using seemingly simple email-based phishing techniques has beaten global banks, including the world’s biggest brokerdealers, out of at least $1 billion during the past year alone.

When notorious 20th-century gentleman bank robber Willie Sutton was asked by a news journalist (not Brian Williams!) why he robbed banks, Sutton’s purported answer was: “Because that’s where the money is.” Though Sutton later disputed making that comment, robbing banks in the 21st century no longer requires wearing a ski mask and passing a teller a note that says: “This is a stick-up, give me all of your money.” Instead, according to the latest series of bank heists, the weapon of choice starts with a phishing strategy: sending a targeted bank employee an email that purports to come from a sender known to the recipient and that carries an invisible piece of bait (commonly referred to as ‘malware’) embedded within the message. That malware, which is chock full of computer code that enables access to critical systems, ultimately lodges in the bank’s belly, enabling the ‘phisher’ to move tens of millions of dollars out of the bank and into the nets of phisher accounts in other banks.

In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.

The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.

Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.

The majority of the targets were in Russia, but many were in Japan, the United States and Europe.

No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.

But the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”

The American Bankers Association declined to comment, and an executive there, Douglas Johnson, said the group would let the financial services center’s statement serve as the only comment. Investigators at Interpol said their digital crimes specialists in Singapore were coordinating an investigation with law enforcement in affected countries. In the Netherlands, the Dutch High Tech Crime Unit, a division of the Dutch National Police that investigates some of the world’s most advanced financial cybercrime, has also been briefed.

The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.

The managing director of the Kaspersky North America office in Boston, Chris Doggett, argued that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.

For the full story, please visit the NY Times.