Las Vegas – McAfee CTO Mike Fey, speaking at the Focus 2012 conference held here, described a new type of bank robber that would make John Dillinger and the Boyd Gang look like they were from the Stone Age.
Fey said that bank heists in Germany, the Netherlands and other European countries in June of this year totaled more than $59 million. Taken together, these bank jobs are considered the fourth-largest bank robbery in history, and they were pulled off “with no human participation required.”
According to Fey, this operation (called High Roller) combined insider-level knowledge of banking transaction systems with malware-based attacks. Fey believes a single group is responsible, but was not sure whether that group is associated with organized crime factions.
What McAfee has learned about these heists is that some 60 servers began processing thousands of attempted thefts from high-net-worth individuals who owned or worked for small and medium-sized businesses and held high-value commercial accounts. These people were called “high rollers” by the cybercrooks. Mule business accounts received the money, and the attempted transfers averaged in the thousands of euros, with some transfers going as high as $130,000.
The cybercrooks not only targeted big banks but also smaller financial institutions such as credit unions and regional banks.
“It was the most technically sophisticated malware we have ever seen,” Fey said.
He added that McAfee is still debating internally how many modules the malware contains. “This is incredibly complex, but it is espionage, as it can take over a user’s screen, take out Bluetooth and give hackers all access.”
McAfee groups malware developers into three categories: enemy nation states, hacktivists and cybercrooks.
He called Operation High Roller “depressing”. Fey told CDN that, from what McAfee knows, there were four campaigns, two of which McAfee has detailed information on.
The crooks moved across the globe on a daily basis. It started with simple phishing and Zeus attacks, which Fey said are things McAfee and the security community have seen for a long time. Operation High Roller then moved to transaction servers that monitored the victims’ banking activity, with a keen eye on the behaviour of each target. “The crooks would ask themselves, should I steal from you.” The cyber bank robbers targeted people who had cash and moved it frequently. They also kept individual thefts small, knowing the banks would process such amounts without raising any red flags. The malware would then hijack the user’s browser and present the unsuspecting user with a new set of instructions that looked like the core banking site. The crooks were able to get past even sophisticated passwords, log in to the user’s account and act as a man in the middle.
The bank would send out a two-factor authentication challenge, such as a security question asking for the user’s mother’s maiden name, but the crooks somehow managed to get past it at super speed.
The user then sees a maintenance screen asking them to wait while the system makes a repair of some kind. It is during this pause that the hackers move the money, and the user never suspects anything because he or she is afterwards shown a phony statement that looks accurate.
“The hackers do not get greedy because they know the platform will allow so much. So they steal just a percentage of money available,” Fey said.
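The attack pattern Fey describes above suggests the checks a bank’s fraud team would want on the transaction side. The following is an added example, not code from the article or from McAfee: a Python heuristic that scores each outbound transfer in a batch on three indicators drawn from the description (a beneficiary the account has never paid before, i.e. a likely mule account; an amount kept just under a per-transaction review threshold; and an authentication challenge answered faster than a person could read it), plus one batch-level indicator the paragraphs imply but do not state (the same previously unknown payee turning up as a new beneficiary for several victim accounts at once). The review threshold, timing limit, account names and transaction records are all constructed assumptions for the purpose of the example.

```python
"""Heuristic scoring of High Roller-style automated transfers.

Added example (not the article's or McAfee's code). All thresholds,
account identifiers and transactions below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

REVIEW_THRESHOLD_EUR = 10_000.00   # assumed per-transfer manual-review limit at the bank
STRUCTURING_BAND = 0.15            # "just below" = within 15% under that limit
MIN_HUMAN_CHALLENGE_SECONDS = 2.0  # assumed fastest plausible human answer to a challenge
SHARED_MULE_MIN_VICTIMS = 2        # a new payee shared by >= this many accounts is suspicious


@dataclass(frozen=True)
class Transfer:
    tx_id: str
    account: str            # victim (source) account
    beneficiary: str        # destination account
    amount_eur: float
    challenge_sent: datetime      # when the bank issued the auth challenge
    challenge_answered: datetime  # when the answer came back


def per_transfer_indicators(t, known_beneficiaries):
    """Indicators that can be judged from a single transfer."""
    hits = []
    # Mule accounts are, by definition, payees the victim has never paid before.
    if t.beneficiary not in known_beneficiaries.get(t.account, set()):
        hits.append("new_beneficiary")
    # High Roller kept amounts small enough that the bank processed them
    # without review; look for amounts sitting just under the limit.
    lower = REVIEW_THRESHOLD_EUR * (1 - STRUCTURING_BAND)
    if lower <= t.amount_eur < REVIEW_THRESHOLD_EUR:
        hits.append("just_below_review_threshold")
    # The challenge was answered "at super speed": a script, not a person.
    secs = (t.challenge_answered - t.challenge_sent).total_seconds()
    if secs < MIN_HUMAN_CHALLENGE_SECONDS:
        hits.append("challenge_answered_too_fast")
    return hits


def analyse_batch(transfers, known_beneficiaries, min_hits=2):
    """Return {tx_id: [indicators]} for transfers triggering at least min_hits."""
    indicators = {t.tx_id: per_transfer_indicators(t, known_beneficiaries)
                  for t in transfers}
    # Batch-level view: one mule account receiving "new" payments from many victims.
    victims_per_new_payee = defaultdict(set)
    for t in transfers:
        if "new_beneficiary" in indicators[t.tx_id]:
            victims_per_new_payee[t.beneficiary].add(t.account)
    for t in transfers:
        if ("new_beneficiary" in indicators[t.tx_id]
                and len(victims_per_new_payee[t.beneficiary]) >= SHARED_MULE_MIN_VICTIMS):
            indicators[t.tx_id].append("shared_mule_beneficiary")
    return {tx: hits for tx, hits in indicators.items() if len(hits) >= min_hits}


# Constructed sample data: payees each account has paid before.
KNOWN_BENEFICIARIES = {
    "ACCT-A": {"DE-SUPPLIER-01", "DE-PAYROLL"},
    "ACCT-B": {"NL-LANDLORD"},
    "ACCT-C": set(),
    "ACCT-D": {"DE-SUPPLIER-01"},
}
T0 = datetime(2012, 6, 12, 9, 0, 0)


def sample_batch():
    """Constructed batch: one legitimate payment, three automated thefts to a
    shared mule, and one human-speed payment to a genuinely new payee."""
    def tx(tx_id, acct, payee, amount, offset_min, answer_secs):
        sent = T0 + timedelta(minutes=offset_min)
        return Transfer(tx_id, acct, payee, amount, sent,
                        sent + timedelta(seconds=answer_secs))
    return [
        tx("tx-001", "ACCT-A", "DE-SUPPLIER-01", 4200.00, 0, 14.2),  # legitimate
        tx("tx-002", "ACCT-A", "NL-MULE-77", 9400.00, 3, 0.7),       # automated theft
        tx("tx-003", "ACCT-B", "NL-MULE-77", 9150.00, 4, 0.9),       # automated theft
        tx("tx-004", "ACCT-C", "NL-MULE-77", 8900.00, 6, 0.6),       # automated theft
        tx("tx-005", "ACCT-D", "DE-NEW-PAYEE", 2500.00, 9, 11.0),    # new payee, human speed
    ]


if __name__ == "__main__":
    for tx_id, hits in analyse_batch(sample_batch(), KNOWN_BENEFICIARIES).items():
        print(tx_id, "->", ", ".join(hits))
```

Requiring two independent indicators keeps a single new payee (tx-005) from being flagged on its own, while the three transfers to the shared mule trip every check. The batch-level pass is the one that scales with the attack as described: sixty servers pushing thousands of sub-threshold transfers look innocuous one at a time, but converge on a small set of mule accounts.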