A funny thing happened on the way to the ATM (and depending on who you believe, may still be happening). Scratch that. For the lucky few at the right place at the right time, an awesome thing has been happening: ATMs randomly coughing up cash—and a lot of it. Like an international lottery, the phenomenon has occurred in more than 30 countries, leading to potentially as much as $1 billion in stolen funds.
At first glance, it might seem like a ghost in the machine was behind these pedestrian cash bonanzas (or a benevolent god), but as the walk-by windfalls multiplied a more likely scenario emerged. Called in to investigate, the international security software group Kaspersky Lab discerned the telltale signs of cybercrime behind the Mystery of the Communist ATMs.
The cash cataracts were the tip of an iceberg of massive proportions still unknown. As such, they underscore the need for private and public sector sharing of cybersecurity threat information. In an environment where cooperation, collaboration and communication are practiced, it’s harder for criminals to flourish. Had those ATM incidents been reported in a timely way, the scam probably would have been caught sooner.
President Obama signed an executive order last week on information sharing that was more like a guideline than anything else, but still very much a step in the right direction. “It’s one of the great paradoxes of our time,” the President told attendees of the first White House summit on Cybersecurity and Consumer Protection at Stanford University, “that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm.”
Members of a cybercrime gang called Carbanak appear to know that better than most. They were the ones behind the ATM paydays, according to Kaspersky Lab. Using a RAT (remote access tool), Carbanak was able to release large amounts of money without anyone touching the machines. What seemed like an unfortunate loss for the affected banks—on the surface these incidents only benefited random passers-by—stayed hush-hush. According to my colleague Byron Acohido, “companies by and large are loath to let word of any successful hack leave the inner circle – unless absolutely necessary.” But the knee-jerk reaction to circle the wagons that most companies have when they’ve been compromised by cybercriminals actually cost banks more in this instance, since it allowed the Carbanak gang to have a longer run at the institutions they had cracked. Had the affected banks shared information, a pattern would have emerged early on.
The forensics experts at Kaspersky Lab started to work backward to piece together the anatomy of what we now know may be the biggest bank heist to date. The deeper they probed the cause of these money geysers, the more apparent it became that the extent of the hit went way beyond the scope of a few zombie ATMs. At least $300 million had been stolen over the two-year period.
Kaspersky reported these findings at the opening of their annual Security Analyst Summit, which was held in Cancun last week. According to the report, “the criminals have attempted to attack up to 100 banks, e-payment systems and other financial institutions.” The Carbanak targets included financial organizations across the globe. The form the attacks took: malware.
The days of the safe-cracking bank robber have given way to the security-breaching hacker—yet another reason institutions should value open lines of communication and a high level of cooperation when it comes to fighting the threats out there. In the Carbanak scam, spearphishing emails sent to employees infected their workstations, and from there the hackers tunneled deeper into the banks’ systems until they controlled employee stations that would allow them to make cash transfers, operate ATMs remotely, change account information and make administrative changes.
It was a pretty standard scheme: an email with a link that looked like it was coming from a colleague contained the malicious code, which spread from there like a digital rhinovirus. The hackers recorded everything that happened on the affected computers to learn how the organization did things. When they had mastered the system, they commandeered it for a series of transactions that included the ATM hits, but also a practice of artificially inflating bank balances and then siphoning off that amount, so a customer’s account balance might go from $1,000 to $10,000 and then $9,000 would go to the hacker. Could banks have prevented the attack? Maybe not, but more communication and a culture of cybercrime awareness certainly could have limited the damage.
The truth is there is no solution, but there is something that could make it harder for this kind of attack to go undetected for such a long period of time: collaboration, communication and cooperation. This is not just at the enterprise level. Consumers who see their bank account balances increase for no reason need to speak up instead of praying no one notices. Banks that get robbed need to talk about it, and share information. Cybercrime flourishes most when it is able to operate in the shadows.
As Justice Louis Brandeis said, “Sunlight is said to be the best of disinfectants; electric light the most efficient policeman.” Right now, the 3Cs of collaboration, communication and cooperation are the bright light in the dark night of cybercrime’s ascendency.
This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.