Photo: 01NSD via YouTube
A Russian hacker has begun recruiting associates from around the world to hack into American banks before they scale up their security regimes. The campaign was first announced in a release by cyber security firm RSA:
“In a boot camp-style process, accomplice botmasters will be individually selected and trained, thereby becoming entitled to a percentage of the funds they will siphon from victims’ accounts into mule accounts controlled by the gang. To make sure everyone is working hard, each botmaster will select their own ‘investor,’ who will put down the money required to purchase equipment for the operation (servers, laptops) with the incentive of sharing in the illicit profits. The gang and a long list of other accomplices will also reap their share of the spoils, including the money-mule herder and malware developers.”
RSA called it “the most substantial organised banking-Trojan operation seen to date.”
Investigative reporter Brian Krebs published a closer look at the threat today.
The goal is to exploit the fact that American banks lack two-step authentication services for wire transfers, Krebs says.
The ringleader’s handle is “vorVzakone,” which Krebs says translates as “thief in law,” a term used to describe an entire subculture of criminal gangs. “The term is sometimes also used to refer to a single criminal kingpin,” he adds.
vorVzakone is so confident of the scheme that he allegedly posted a video of himself announcing the plan (it’s in Russian).
But the brazenness has led to scepticism within the hacker community that this is a legit scheme, Krebs says. Some hackers fear vorVzakone is actually working for law enforcement.
Still, Krebs says, banks need to be on guard.