How Exactly Do Cyber Criminals Steal $78 Million?

  • Share
  • Read Later
Ojo Images / Getty Images

These guys might be stealing your money right now.

Let’s say you’re a cyberthief who just compromised hundreds of bank accounts worth millions of dollars. Congratulations! You’re now the scourge of the global community. Now, all you need to do is get your hands on that money. How do you do that? You don’t just walk into a bank and stroll out with bags of cash – do you? Or do you?

Last week, two security firms announced that tens of millions of dollars had likely been stolen from bank accounts all around the world through new, sophisticated variants of malware called Zeus and SpyEye.

(MORE: The Stubborn Consumers Who Just Aren’t Buying Cars)

The days of dramatic bank heists have been over for years. In 2011, street crime was down 20% globally, says Tom Kellermann, vice president of cyber security for Trend Micro. Instead, ambitious criminals are embracing cybercrime, and thieves and the software they use are getting smarter, harder to combat and easier to access online.

“Now anyone can download a cyber Kalashnikov, a cyber getaway car and a cyber grenade from a myriad of sites,” says Kellermann.

The newest cyber grenades have fully automated capabilities that eliminate the need for hackers to manually transfer funds from one account to another. That allows the thief to stay much more hidden than in the past. Hackers also now use entire servers that are customized to target individual banks. But the scarier part is that most users who are hacked won’t even know their account has been compromised until long after their money has disappeared.

Malware plug-ins called “webinjects” are now sold among criminals that can make it appear that everything’s on the up-and-up with your account. It can include a feature called “balance replacer” that sends the compromised account false information that will hide any fraudulent activity. Others can capture one-time passwords and balance information.

This level of sophistication was found in Operation High Roller, a cyber attack that targeted both individuals and businesses and likely stole about $78 million across Europe, Latin America and the United States. The amount of attempted fraud was well over a billion dollars, says Dave Marcus, director of advanced research and threat intelligence at security company McAfee.

But once thieves are able to transfer money out of an account, how do they then actually get their hands on it? Anonymously shifting a bunch of ones and zeros around cyber space is one thing, after all — actually walking out of a bank with a wad of cash seems like it’d be a much riskier endeavor. But, that actually turns out to be the easy part.

(MORE: How Biology Can Explain What Drives Banks to the Brink of Disaster)

There are basically a couple ways criminals go about it. First, they can use an existing hijacked account, in which they can transfer money in and out, all outside of normal banking hours so it goes undetected by the actual accountholder. Or they can use a money mule, which is someone who knows that their account is being used for illegal purposes but gets a small chunk of the money.

Second, thieves can use alternative payment channels — essentially less legitimate versions of PayPal. Kellermann says there are about 200 of these sorts of services out there, of basically two types: systems that don’t require any personal information, and systems that require very little information that can be easily falsified. Cyber criminals can transfer funds to those channels, and debit cards can often be linked to the accounts. And they can create an unlimited number of accounts, so if one is compromised by law enforcement, they simply switch to another.

As mobile payments become more common, cyber criminals are increasingly using hacked phones as payment devices. And because transactions are made in real time, those payments can’t be undone. Because of the false information that is fed to the financial institution and the accountholder, the money is often in the hands of cyberthieves before either of them realize it.

So is there anything consumers can do to protect themselves? “I’m terribly sorry to tell you this, but until the financial services industry provides more security, this kind of attack cannot be thwarted,” says Kellermann.

Ok – so that’s depressing. However, McAfee’s Marcus suggests (not surprisingly) that some software (read: McAfee software) can help protect consumers’ accounts as long as they stay current on downloading all of the security updates.

Joe DeMarco, a New York attorney who has worked on cybercrime issues for years, suggests changing passwords frequently and staying away from questionable websites, which could put your computer at risk of being compromised. Also, he recommends conducting a mini audit of your  statement every month. Yes – all little things, but that’s about the best any of us can do.

MORE: Hackers Are the New Mob: White House Gets Serious on Cybercrime

10 comments
SandraBuckless
SandraBuckless

ANY ONE WITH THIS BANK ACCOUNT IN USA USED EMAIL HAMZABEN.D@HACKERMAIL.COM HE WI L LOAD FROM 10K TO 20 K NO UPFRONT FEE AND YOU SHARE WITH HIM 50 50

EUITY ACCOUNT NAVY CREDIT UNION AND ALL THISBOA, CHASE, OLD USAA, ALLY BANK, CHARLES SCHWAB BANK, BECU BANK, NAVY FEDERAL CU, SF POLICE CU, Equity Line Of Credit, CA & US CC

Reply

Hopebest
Hopebest


GEOACL geographical access control lock - location based security would have prevented hackers from being able

to steal money from user's bank accounts and credit cards. Individual users location configurations would have

made life much difficult for hacking to succeed. GEOACL is simple to implement and easy to configure by end

users. Because each user's locations would be different it would have been much difficult for hackers to spend

that much energy for each user account and they would have caught easily because of alerts that GEOACL

provides.

No extra hardware, device or software required by customers, end users. To see how GEOACL works and where it

can be implemented,

Visit www dot geoacl dot com for more details

Like us on facebook www dot facebook dot com

Ian Stallings
Ian Stallings

Cool picture, crackers in hoodies working away in what appears to be a chop shop. I'm gonna use that one.

bzelbub
bzelbub

Considering all the fees that banks creatively add on to accounts, I'm surprised they aren't making a killing on scraping millions off of the scammers millions. I starting to think that a mattress or an old coffee can is preferable to a bank.

Hopebest
Hopebest

@bzelbub


GEOACL geographical access control lock - location based security would have prevented hackers from being able

to steal money from user's bank accounts and credit cards. Individual users location configurations would have

made life much difficult for hacking to succeed. GEOACL is simple to implement and easy to configure by end

users. Because each user's locations would be different it would have been much difficult for hackers to spend

that much energy for each user account and they would have caught easily because of alerts that GEOACL

provides.

No extra hardware, device or software required by customers, end users. To see how GEOACL works and where it

can be implemented,

Visit www dot geoacl dot com for more details

Like us on facebook www dot facebook dot com

f_galton
f_galton

Sorry, but that's not how we do it all.

Deon Fialkov
Deon Fialkov

LMAO...what a funny subject line for an article...

Interesting read ...

 

Toothy Grins
Toothy Grins

Great picture!   This is a sad fact of life.  If crime is easy and pays handsomely,  more people will do it.   they do not understand that they are hurting real people.

Or, perhaps they do and they do not care.  

It is sad in any case.  The people who work hard for a living end up supporting everyone else in one way or another.  That is sad, isn't it?  

AgeDater. C om
AgeDater. C om

Age gap dating is trending

nowadays. Many women are looking to date older men cuz older men are

usually more stable and mature. For older men, dating younger women simply

makes them feel alive and young again. No matter you want older men or younger women,

check out ~~~  MY NAME ~~~  and take a try! You have nothing to lose!

 

bojimbo26
bojimbo26

The answer is , very easily .