It's not everyday a 'movie-like' major bank heist plot actually happens, but details are emerging that some Russian banks just got taken for at least $300 million.
http://www.nytimes.com/2015/02/15/wo...ware.html?_r=0
http://www.nytimes.com/2015/02/15/wo...ware.html?_r=0
the intruders in the bank thefts were enormously patient, placing surveillance software in the computers of system administrators and watching their moves for months. The evidence suggests this was not a nation state, but a specialized group of cybercriminals.
But the question remains how a fraud of this scale could have proceeded for nearly two years without banks, regulators or law enforcement catching on. Investigators say the answers may lie in the hackers' technique.
In many ways, this hack began like any other. The cybercriminals sent their victims infected emails - a news clip or message that appeared to come from a colleague - as bait. When the bank employees clicked on the email, they inadvertently downloaded malicious code. That allowed the hackers to crawl across a bank's network until they found employees who administered the cash transfer systems or remotely connected A.T.M.s.
Then, Kaspersky's investigators said, the thieves installed a "RAT-- remote access tool - that could capture video and screenshots of the employees' computers.
But the question remains how a fraud of this scale could have proceeded for nearly two years without banks, regulators or law enforcement catching on. Investigators say the answers may lie in the hackers' technique.
In many ways, this hack began like any other. The cybercriminals sent their victims infected emails - a news clip or message that appeared to come from a colleague - as bait. When the bank employees clicked on the email, they inadvertently downloaded malicious code. That allowed the hackers to crawl across a bank's network until they found employees who administered the cash transfer systems or remotely connected A.T.M.s.
Then, Kaspersky's investigators said, the thieves installed a "RAT-- remote access tool - that could capture video and screenshots of the employees' computers.
Comment