Bank hackers find haven in Putin’s Russia

The Hill reports: The diplomatic standoff between the United States and Russian President Vladimir Putin is hobbling efforts to prosecute cyber crime against American banks.

Russian hackers played a major role in the newly exposed worldwide cyber heist, where thieves learned how to imitate bank employees to withdraw more than $1 billion from 100 banks.

While analysts suspect the heist originated in Ukraine and Eastern Europe, that information is of little use to American law enforcement officials who are getting no help from Moscow when it comes to catching cyber thieves.

“Trying to get cooperation from law enforcement in that area is, in many cases, actively hampered by the Russian government,” said Stu Sjouwerman, CEO of cybersecurity training firm KnowBe4, which most often works with banks.

“Given the current relationship between the United States and Russia, [cooperation] does not seem likely,” added Peter Toren, a cyber crime attorney who was part of the Department of Justice’s original batch of computer crimes prosecutors.

Last August, Russian digital thieves were blamed for the cyber attack on JPMorgan that exposed sensitive data on over 83 million households. Reportedly, the same attack infiltrated up to nine other major banks.

“Harassment of U.S. financial firms is just part of the bigger picture and it is the price of business to some degree,” Sjouwerman said.

Experts believe much of the hacking occurs either at the behest of Putin’s government, or with its tacit approval. Some speculated the JPMorgan hit was retaliation for the new U.S. sanctions that were slapped on Russia as the country amassed troops on the Ukraine border. [Continue reading…]

Wade Williamson writes: For several years now, cybercrime in the financial sector was synonymous with banking botnets such as Zeus and Carberp. By and large, these malware families and their many descendants worked by infecting banking customers’ computers and either stealing passwords or manipulating online banking sessions to steal funds.

A recent report from Kaspersky Lab shows that criminals have significantly raised their game with a new strategy focused on infiltrating and stealing directly from more than 100 different banks. Kaspersky named the operation the Carbanak APT and early estimates put losses in the range of $1 billion USD.

As you might expect, robbing a bank can be more lucrative than stealing from its customers. Even highly successful Zeus operations would typically net in the range of $100 million USD or less. Carberp, the banking botnet progenitor of Carbanak, was estimated to have earned a total of $250 million over years of use in the wild. This makes the $1 billion Carbanak heist one of the most successful financial cybercrimes in history. [Continue reading…]
