In late 2013, an automated teller machine in Kiev started dispensing cash at seemingly random times of day. No one had put in a card, or touched a button. Cameras showed that the piles of money had been swept up by clients who appeared lucky to be there at the right moment.
However, when Russian cybersecurity firm Kaspersky Lab was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.
The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the US and the Netherlands into dummy accounts set up in other countries.
In a report scheduled to be published today, and provided in advance to the New York Times, Kaspersky Lab said the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.
The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. White House officials and the FBI have been briefed on the findings but said it would take time to confirm them and assess the losses.
Kaspersky Lab said it has seen evidence of US$300 million in theft from clients and believes the total could be triple that. However, that projection is impossible to verify because the thefts were limited to US$10 million per transaction, although some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.
The majority of the targets were in Russia, but many were in Japan, the US and Europe.
No bank has come forward acknowledging the theft, a common problem that US President Barack Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged the passage of a law that would require public disclosure of any breach that compromised personal or financial information.
However, the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement, “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and “some briefings were also provided by law enforcement entities.”
The American Bankers Association declined to comment. Investigators at Interpol said their digital crimes specialists in Singapore were coordinating an investigation with law enforcement in affected countries. In the Netherlands, the Dutch High Tech Crime Unit, a division of the Dutch National Police that investigates some of the world’s most advanced financial cybercrime, had also been briefed.
The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.
Kaspersky North America managing director Chris Doggett said that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Doggett said.
As in the recent attack on Sony Pictures, which Obama again said on Friday had been conducted by North Korea, the intruders in the bank thefts were enormously patient, placing surveillance software in the computers of system administrators and watching their moves for months. The evidence suggests this was not a nation state but a specialized group of cybercriminals.
The hackers’ success rate was impressive. One Kaspersky client lost US$7.3 million through ATM withdrawals alone, the firm said in its report. Another lost US$10 million from the exploitation of its accounting system.
In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.
Doggett likened most cyberthefts to “Bonnie and Clyde” operations, in which attackers break in, take whatever they can grab, and run. In this case, Doggett said, the heist was “much more Ocean’s Eleven.”