The New York Times has published a dramatic story about how a gang of hackers broke into banks around the world and stole up to $US1 billion.
There are some interesting details published in the Kaspersky report that reveal how the hackers managed to take over the bank computer systems and make away with their millions.
The hack took months, and the people behind it were incredibly patient.
It looks like the hacking gang (known as “Carbanak” after the software they used) used an old trick.
The Kaspersky report says that the hackers sent emails to bank employees which looked like normal office messages. Unsuspecting bank employees clicked on the emails, and that let the hackers into the system.
Security writer Brian Krebs has a slightly different explanation for what went on. He says that the Carbanak gang is also known as “Anunak,” and they used security flaws in Microsoft Office to hack into banks.
Krebs says that Microsoft had already fixed the holes, but many banks hadn’t updated their systems. He also says that hackers may have purchased access to the banks from other hackers who had previously broken into the systems.
It’s not clear whether the employees clicked on links in the emails or downloaded files before their machines were infected with the hackers’ malware.
Either way, the next step in the hack is interesting: Hackers used remote access tools (a “RAT”) to stay inside the network for months, monitoring what employees did.
Remote access tools are usually used by customer support staff to see what’s wrong with someone’s computer. But the bank hackers had a very different use for the software. They captured screenshots and videos of the computer systems that helped them learn how bank employees use their network. Hackers used the videos to impersonate their actions and make it look as if those actions were normal transactions.
The entire hack — including the period in which the hackers were remotely spying on the bank screens — took months.
Once the hackers understood how each bank worked, they were able to move money around and order cash to be released from ATMs.