Updated 11.08am, 17 February
IRISH BANKS WERE among those targeted by a multinational criminal gang in ‘cyber heists’, according to security experts in Russia.
Kaspersky Lab today said as much as $1 billion (€880 million) is thought to have been stolen from 100 financial institutions across the world over the past two years.
The gang, known as Carbanak and operating from China, Russia, and the European Union, were able to transfer money out of banks after first gaining access to internal computer systems.
Malware was installed on individual employees’ computers using phishing techniques, which allowed the gang to see the internal workings of the bank in intricate detail.
This allowed them to mimic the activity of bank clerks in order to covertly transfer money out of banks, Kaspersky Lab said in a statement, or to hack into ATMs in order to release massive sums of cash at designated times.
The New York Times reports that late in 2013 this was witnessed at an ATM in Kiev.
‘Piles of money’ poured from the machine on to the street.
Computer systems
The bank’s computer systems were subsequently found to have been compromised.
Kaspersky believes financial institutions in more than two dozen countries – including Ireland – may have been affected.
Most of the targets have been in Russia, the US, Germany, China and Ukraine, although the attackers may be expanding throughout Asia, the Middle East, Africa and Europe.
In one case, a bank lost €6.4 million through ATM fraud. In another case, a financial institution lost €8.82 million by the attackers exploiting its online banking platform.
The methods target the banks themselves, rather than the customer.
For example, a bank account containing €1,000 could have €1,000 transferred into it. This €1,000 would then be transferred to the hackers’ account, meaning the customer wouldn’t notice a difference.
“The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery,” said Sergey Golovanov, a Principal Security Researcher at Kaspersky, said.
These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent.
However, the attacks have yet to be confirmed.
Europol boss Rob Wainright told BBC News that the organisation is currently working to find out more.
Warnings have been issued to police forces and European banks.
A spokesperson for gardai said:
We do not comment on communications with police forces or security agencies from other jurisdictions. An Garda Síochána works closely with financial institutions and our international police colleagues including Europol in respect of this form of organised criminal activity.
Additional reporting by Associated Press
To embed this post, copy the code below on your site
have your say