Hackers hit U.S., Russian banks in ATM robbery scam: report

Published 12/11/2017, 01:06 PM
Updated 12/11/2017, 01:06 PM
© Reuters. FILE PHOTO: A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin

By Eric Auchard

FRANKFURT (Reuters) - A previously undetected group of Russian-language hackers silently stole nearly $10 million from at least 18 mostly U.S. and Russian banks in recent years by targeting interbank transfer systems, a Moscow-based security firm said on Monday.

Group-IB warned that the attacks, which began 18 months ago and allow money to be stolen from banks' automated teller machines (ATMs), appear to be ongoing and that banks in Latin America could be targeted next.

The first attack occurred in the spring of 2016 against banks in First Data's (N:FDC) "STAR" network, the largest U.S. bank messaging system connecting ATMs at more than 5,000 organizations, Group-IB researchers said in a 36-page report.

In a statement, First Data said that a number of small financial institutions operating on the STAR network had had their credentials breached for administering debit cards earlier in 2016, leading First Data to implement new mandatory security controls. It said the STAR network was never itself breached.

The firm said it was continuing to investigate a number of incidents where hackers studied how to make money transfers through the SWIFT banking system, while stopping short of saying whether any such attacks had been carried out successfully.

SWIFT said in October that hackers were still targeting its interbank messaging system, but security controls instituted after last year’s $81 million heist at Bangladesh’s central bank had thwarted many of those attempts. (http://reut.rs/2z1b7Bo)

Group-IB has dubbed the hacker group "MoneyTaker" after the name of software it used to hijack payment orders to then cash out funds through a network of low-level "money mules" who were hired to pick up money from automated teller machines.

The security researchers said they had identified 18 banks that were hit, including 15 across 10 states in the United States, two in Russia and one in Britain. Besides banks, financial software firms and one law firm were targeted.

The average amount of money stolen in each of 14 U.S. ATM heists was $500,000 per incident. Losses in Russia averaged $1.2 million per incident, but one bank there managed to catch the attack and return some of the stolen funds, Group-IB said.

Hackers also stole documentation for OceanSystems’ Fed Link transfer system used by 200 banks in Latin America and the United States, it said. In addition, they successfully attacked the Russian interbank messaging system known as AW CRB.

Once hackers penetrated targeted banks and financial organizations, they stole internal bank documentation in order to mount future ATM attacks, Group-IB said. In Russia, the hackers continued to spy on bank networks after break-ins, while at least one U.S. bank had documents robbed twice, it said.

Group-IB said it had notified Interpol and Europol in order to assist in law enforcement investigations.

The unidentified hackers used a mix of constantly changing tools and tactics to bypass anti-virus and other traditional security software while being careful to eliminate traces of their operations, helping them to go largely unnoticed. To disguise their moves, hackers used security certificates from brands such as Bank of America (NYSE:BAC), the Fed, Microsoft (NASDAQ:MSFT) and Yahoo (NASDAQ:AABA).
