Free Republic

'Operation High Roller' bank hack nets cybercriminals 48 million
Tech World ^ | 6/26/12 | Ellen Messmer

Posted on 06/26/2012 4:19:22 PM PDT by Kartographer

A global fraud ring that has been targeting high net-worth businesses and individuals has netted the criminals an estimated €60 million (£48 million).

According to McAfee and Guardian Analytics, which today issued a report on the fraud, "Dissecting Operation High Roller," the attacks, first identified this winter, have hit 60 or more institutions and the total amount stolen may in fact be much higher.

The two security firms say they have tracked "at least a dozen groups" that are relying on "server-side components and heavy automation" with about 60 servers processing thousands of attempted thefts from commercial accounts and the rich. This appears to be happening mainly in the European Union countries, though there's also evidence of it in Latin America and the US. These attacks are said to differ from the known malware-based SpyEye and Zeus attacks in that they are far more automated and usually done without human intervention.

(Excerpt) Read more at news.techworld.com ...


TOPICS: Business/Economy; Crime/Corruption; Foreign Affairs
KEYWORDS: computerfraud; hackers
Down the rabbit hole!
1 posted on 06/26/2012 4:19:32 PM PDT by Kartographer

To: Kartographer

Spreading to America per McAfee:

How the high-tech mantra of “automation and innovation” helps a multi-tiered global fraud ring
target high net worth businesses and individuals. Building on established Zeus and SpyEye tactics,
this ring adds many breakthroughs: bypasses for physical multi-factor authentication, automated
mule account databases, server-based fraudulent transactions, and attempted transfers to mule
business accounts as high as €100,000 ($130,000 USD). Where Europe has been the primary target
for this and other financial fraud rings in the past, our research found the thefts spreading outside
Europe, including the United States and Colombia.

http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf


2 posted on 06/26/2012 4:21:05 PM PDT by Kartographer ("We mutually pledge to each other our lives, our fortunes and our sacred honor.")

To: Kartographer

SHTF Plan Story on the hack with a link to Sky News Video Story:

http://www.shtfplan.com/headline-news/security-report-massive-cyber-attack-in-progress-in-the-usa-europe-latin-america-2-5-billion-siphoned-from-financial-institutions-so-far_06262012


3 posted on 06/26/2012 4:22:26 PM PDT by Kartographer ("We mutually pledge to each other our lives, our fortunes and our sacred honor.")

To: Kartographer

The article doesn’t say how they are doing it, but it looks like they’re getting a rootkit onto one of the bank’s computers, then getting whatever credentials the banker uses to authenticate transactions, scanning for the high value accounts and, using the banker’s credentials, transferring the loot out of country and eventually to some mobster’s account in Russia.

There are automated tools available on the internet and some good YouTube training videos on how you can set up what’s known as a botnet that can be used for all sorts of bad things. This just looks like they’ve figured out how to fully automate the process so I would assume that means that most banks use the same software (or a limited set) for financial transactions, otherwise this would be tough to automate.

You would think that the IT departments at most of these places would be as good as you could afford, but I imagine the bankers had to cut somewhere to keep those bonuses flowing. Not to worry though, you the taxpayer will make good on all the losses.


4 posted on 06/26/2012 4:41:07 PM PDT by trapped_in_LA

To: trapped_in_LA

The big banks I’ve worked with have better security than the US govt does. That said, it’s very difficult to get every vulnerability in every system.

American banks generally take security far more seriously than banks elsewhere.


5 posted on 06/26/2012 4:47:20 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: trapped_in_LA

We had a customer that had a server hacked with a phishing site created on one of their web servers. It appeared to be an automated attack which leveraged a vulnerability in WordPress. From there they were able to install several other files on the server. It was stopped before they could do anything else, but we found other vulnerabilities which would have allowed them to gain access to most of the network.

This was on a Linux server and they didn’t even need root to do this. It was all done through application software which hadn’t been properly patched.


6 posted on 06/26/2012 4:53:45 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: driftdiver

OK, I read the McAfee PDF on the attack. The banks weren’t compromised (thank God, otherwise I’d never get any sleep at night). They did a standard spear phishing attack on the customers’ side, rootkitted them and then did a man-in-the-middle attack on the smart card for the European customers and various attack methods on the US customers. Not anything blazingly new, just very automated and sophisticated. I am impressed.

As far as your comment on the US government versus the banks, I can believe that for most of the US government, but there are some parts that are very much ahead of the banking system. That said, most of the government is doing a much better job than they used to and certainly much better than the private sector. There is a world of difference between the security at my workplace and at my customer’s site (which is part of the US government).


7 posted on 06/26/2012 5:31:35 PM PDT by trapped_in_LA

To: driftdiver

“... It was all done through application software which hadn’t been properly patched.”

That’s always the killer, if you don’t keep up with the security patches you’re dead meat.


8 posted on 06/26/2012 5:34:04 PM PDT by trapped_in_LA
