Malware was used by the gang to spy on bank clerks
Malware was used by the gang to spy on bank clerks

The $1 billion bank heist: Cyber gang steals from 100 institutions in 'unprecedented robbery'

The criminal gang is believed to be based in Europe and China

Lamiat Sabin@LamiatSabin
Monday 16 February 2015 08:56

A criminal cyber gang has stolen as much as $1 billion (£650 million) from up to 100 financial institutions in about two years, a computer security company said yesterday.

The gang – dubbed “Carbanak” by Russian security company Kaspersky – has been stealing directly from banks rather than posing as customers to withdraw money in the biggest cyber heist to date.

Kaspersky said it was working with Interpol, Europol and authorities from different countries to uncover details on what is described as “an unprecedented robbery” on banks around the world.

The cyber criminals come from Europe, including Russia and Ukraine, as well as China – the company claimed.

Emails were sent by the gang to select employees to trick them into opening malicious software files in a technique known as spear phishing.

They were then able to get into the internal network and track down administrators’ computers for video surveillance.

Cash machines were ordered by the gang to withdraw money

With this method, Kaspersky said, the criminals learned through spying how the bank clerks worked and how money could be transferred.

Carbanak sometimes inflated account balances before taking the extra money. The account holder would likely not suspect a problem because the legitimate funds were still there.

The gang also remotely controlled ATMs and ordered them to dispense cash when a member would be waiting to collect the money.

“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” Sanjay Virmani, director of Interpol Digital Crime Center, said in a statement prepared by Kaspersky.

“It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments