Reports have surfaced from a cyber security firm in Russia working closely with Interpol and Europol released a statement outlining how a group of Russian hackers were able to find their way into 100 different secure banking systems spread across 30 countries, including here in Canada; and over the course of several years eavesdrop on the banks while collecting enough information to safely steal 1 billion dollars.
Since late 2013, an unknown group of hackers has reportedly stolen $300 million — possibly as much as triple that amount — from banks across the world, with the majority of it’s victims though in Russia.
It was determined that one method of infiltration the hackers used was a technique called “Spear Phishing” (not to be mixed up with last week’s Tech Talk on Phishing) which ended up installing malware programs to hundreds of bank employees computers, hoping to infect a bank’s administrative computer.
Programs installed by the malware record keystrokes and take screen shots of the bank’s computers, so that hackers can learn bank procedures. They also enable hackers to control the banks’ computers remotely.
And so, by mimicking normal bank procedures by spending years remotely watching in on bank employees, hackers direct the banks’ computers to steal money in a variety of ways:
- Transferring money into hackers’ fraudulent bank accounts.
- Using e-payment systems to send money to fraudulent accounts overseas.
- Directing A.T.M.s to dispense money at set times and locations.
What is SpearPhishing?
SpearPhishing is a targeted version of phishing that usually focuses on a specific company, or in this case a bank, and combines tactics such as sending out an email that it looks like it is coming from a bank manager enticing all bank employees to click on a link in their email or open an attachment so as to gain control of that computer.
And so the final goal in this type of attack it to install malicious software onto as many company machines as possible for long-term access in the hopes of learning the companies digital routines so as to use them to steal money or information.
And so we don’t have to look too far back in time to see this technique at work: The Sony Pictures Entertainment cyber attack is just one high profile example. Ultimately thought, because everyone, including all companies use email, if a hacker wants to get into a system, they have the means and way to.
Because this attack is at a bank level, it would be much harder for us to defend against it. We are essentially relying on the security of the bank for first defence. And it is obvious from this digital heist that sophisticated security intrusion detection software is not enough. With that in mind though, keeping a very close eye on your bank statements and using bank monitoring resources could help.
Malware specialist for Symantec AntiVirus Services stated that nearly 90 per cent of all e-mails in Canada are spam and that one in 383 emails contains malware or a virus. Those are very high statistics to say the least. So, unfortunately, it could mean all people will be asked to give up their privacy to guarantee security and that might mean creating Cyber Security Laws allowing our government to routinely spy on all our email, phone calls, and text messages. Ultimately though, fighting cybercrime will mean much more than just changing your password.
The Government of Canada website at: http://www.publicsafety.gc.ca has lots of helpful information and links for anyone looking for any additional information.
