In late 2013, an automated teller machine in Kiev started dispensing cash at seemingly random times of day. No one had put in a card, or touched a button. Cameras showed that the piles of money had been swept up by clients who appeared lucky to be there at the right moment.
However, when Russian cybersecurity firm Kaspersky Lab was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.
The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the US and the Netherlands into dummy accounts set up in other countries.
In a report scheduled to be published today, and provided in advance to the New York Times, Kaspersky Lab said the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.
The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. White House officials and the FBI have been briefed on the findings but said it would take time to confirm them and assess the losses.
Kaspersky Lab said it has seen evidence of US$300 million in theft from clients and believes the total could be triple that. However, that projection is impossible to verify because the thefts were limited to US$10 million per transaction, although some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.
The majority of the targets were in Russia, but many were in Japan, the US and Europe.
No bank has come forward acknowledging the theft, a common problem that US President Barack Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged the passage of a law that would require public disclosure of any breach that compromised personal or financial information.
However, the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement, “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and “some briefings were also provided by law enforcement entities.”
The American Bankers Association declined to comment. Investigators at Interpol said their digital crimes specialists in Singapore were coordinating an investigation with law enforcement in affected countries. In the Netherlands, the Dutch High Tech Crime Unit, a division of the Dutch National Police that investigates some of the world’s most advanced financial cybercrime, had also been briefed.
The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.
Kaspersky North America managing director Chris Doggetof said that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Doggett said.
As in the recent attack on Sony Pictures, which Obama again said on Friday had been conducted by North Korea, the intruders in the bank thefts were enormously patient, placing surveillance software in the computers of system administrators and watching their moves for months. The evidence suggests this was not a nation state but a specialized group of cybercriminals.
The hackers’ success rate was impressive. One Kaspersky client lost US$7.3 million through ATM withdrawals alone, the firm said in its report. Another lost US$10 million from the exploitation of its accounting system.
In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.
Doggett likened most cyberthefts to “Bonnie and Clyde” operations, in which attackers break in, take whatever they can grab, and run. In this case, Doggett said, the heist was “much more Ocean’s Eleven.”
Taiwan Transport and Storage Corp (TTS, 台灣通運倉儲) yesterday unveiled its first electric tractor unit — manufactured by Volvo Trucks — in a ceremony in Taipei, and said the unit would soon be used to transport cement produced by Taiwan Cement Corp (TCC, 台灣水泥). Both TTS and TCC belong to TCC International Holdings Ltd (台泥國際集團). With the electric tractor unit, the Taipei-based cement firm would become the first in Taiwan to use electric vehicles to transport construction materials. TTS chairman Koo Kung-yi (辜公怡), Volvo Trucks vice president of sales and marketing Johan Selven, TCC president Roman Cheng (程耀輝) and Taikoo Motors Group
Among the rows of vibrators, rubber torsos and leather harnesses at a Chinese sex toys exhibition in Shanghai this weekend, the beginnings of an artificial intelligence (AI)-driven shift in the industry quietly pulsed. China manufactures about 70 percent of the world’s sex toys, most of it the “hardware” on display at the fair — whether that be technicolor tentacled dildos or hyper-realistic personalized silicone dolls. Yet smart toys have been rising in popularity for some time. Many major European and US brands already offer tech-enhanced products that can enable long-distance love, monitor well-being and even bring people one step closer to
RECORD-BREAKING: TSMC’s net profit last quarter beat market expectations by expanding 8.9% and it was the best first-quarter profit in the chipmaker’s history Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), which counts Nvidia Corp as a key customer, yesterday said that artificial intelligence (AI) server chip revenue is set to more than double this year from last year amid rising demand. The chipmaker expects the growth momentum to continue in the next five years with an annual compound growth rate of 50 percent, TSMC chief executive officer C.C. Wei (魏哲家) told investors yesterday. By 2028, AI chips’ contribution to revenue would climb to about 20 percent from a percentage in the low teens, Wei said. “Almost all the AI innovators are working with TSMC to address the
Malaysia’s leader yesterday announced plans to build a massive semiconductor design park, aiming to boost the Southeast Asian nation’s role in the global chip industry. A prominent player in the semiconductor industry for decades, Malaysia accounts for an estimated 13 percent of global back-end manufacturing, according to German tech giant Bosch. Now it wants to go beyond production and emerge as a chip design powerhouse too, Malaysian Prime Minister Anwar Ibrahim said. “I am pleased to announce the largest IC (integrated circuit) Design Park in Southeast Asia, that will house world-class anchor tenants and collaborate with global companies such as Arm [Holdings PLC],”