Images courtesy of Fotolia & Microsoft

Biggest Bank Heist in History?
| published February 17, 2015 |

By Thursday Review staff

Law enforcement officials around the globe are calling it a hybrid attack—a combination of cyber-attack, garden variety hack-for-cash, and bank heist. But no matter how you define it or pigeon-hole it, the theft was the largest bank robbery in human history. All told, the volume of missing cash exceeds $1.1 billion.

The robbery was also highly sophisticated: thieves did not steal cash from individual customer accounts, at least not in the traditional way of bank hackers. Instead, the thieves took primarily the bank’s money—earnings, self-insurance, cash held in escrow, profits, capital set aside for growth and reinvestment. But law enforcement officials in Russia, the United States and the U.K. warn that because the hackers gained such stealthy access to bank databases and file servers, customers may still be at risk.

The hackers attacked primarily the computer networks of scores of major banks in Russia, the Ukraine, China, Germany, Italy, and the United States, though ultimately the cyber-thieves gained access to the computer systems of more than 100 banks in about 30 countries.

In the United States, however, the FBI and security experts in the banking industry say that only a few U.S.-based banks were hit in the massive heist. But officials are looking closely for signs that a similar large-scale attack could happen in the U.S., and banking experts are scrutinizing the possibility that, in the complex, interconnected world of finance, some portals and electronic backchannels to U.S. banks might be exposed.

The FBI and American bank officials offer their usual, boilerplate advice: check your bank statements and debit card statements carefully, and always remain vigilant. The criminals may have spared individual customers’ accounts, but because they breached the walls so completely, the hackers may come back for more. Customer information may have been among the things stolen along with all that cash.

The bank robbers used one of the simplest and oldest forms of cyber-trickery to gain access to the banks’ computer networks: a friendly, official-looking email carrying an attachment. The emails were crafted to look familiar to even the highest-level bank employees. When bank officials opened the email’s attachment, it quietly ran a program which opened secure doors and allowed the hackers access to financial data, balances, and company assets. The malware allowed the hackers to operate under the guise of authorized employees. The technique is called “spear phishing.”

Once inside the secure network, the cyber-thieves then carefully transferred the money—using increments and denominations which would not raise red flags—into other accounts or into other legitimate banks, whereupon the funds were withdrawn or shifted yet again. In some cases, hackers wrote specialized code which turned busy ATMs into robots which simply spit out cash in increments of $500, over and over. One bank was hit for more than $7 million in a matter of hours when its ATM network was reprogrammed to spit out cash at designated times.
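The ATM cash-out pattern described above leaves a trace a bank can check for: dispense events that no card-authorization preceded, arriving in bursts. The following detection logic is an added example and is not code from the article or from any bank; it assumes a constructed, simplified log format with one event per line (timestamp, ATM id, event type, amount) and treats a dispense as unauthorized when no AUTH record for the same ATM appears within the preceding ten seconds.

```python
"""Flag ATM cash-out bursts: dispenses with no matching host authorization."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one legitimate withdrawal on ATM-17, then a run of
# $500 dispenses on ATM-42 that no authorization preceded.
SAMPLE_LOG = """\
2015-02-10T02:00:01,ATM-17,AUTH,200
2015-02-10T02:00:03,ATM-17,DISPENSE,200
2015-02-10T03:00:00,ATM-42,DISPENSE,500
2015-02-10T03:00:20,ATM-42,DISPENSE,500
2015-02-10T03:00:41,ATM-42,DISPENSE,500
2015-02-10T03:01:02,ATM-42,DISPENSE,500
2015-02-10T03:01:25,ATM-42,DISPENSE,500
"""

def parse_log(text):
    """Parse 'timestamp,atm_id,event,amount' lines into tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, atm, kind, amount = line.split(",")
        events.append((datetime.fromisoformat(ts), atm, kind, int(amount)))
    return events

def unauthorized_dispenses(events, auth_window=timedelta(seconds=10)):
    """Return (ts, atm, amount) for dispenses with no AUTH on that ATM shortly before."""
    auths = defaultdict(list)
    for ts, atm, kind, _ in events:
        if kind == "AUTH":
            auths[atm].append(ts)
    flagged = []
    for ts, atm, kind, amount in events:
        if kind != "DISPENSE":
            continue
        if not any(timedelta(0) <= ts - a <= auth_window for a in auths[atm]):
            flagged.append((ts, atm, amount))
    return flagged

def cashout_bursts(flagged, window=timedelta(minutes=5), min_count=3):
    """Sliding window per ATM; return {atm: (largest count, cash in that window)}."""
    per_atm = defaultdict(list)
    for ts, atm, amount in flagged:
        per_atm[atm].append((ts, amount))
    bursts = {}
    for atm, items in per_atm.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # drop events older than the window
            count = end - start + 1
            if count >= min_count and count > bursts.get(atm, (0, 0))[0]:
                bursts[atm] = (count, sum(a for _, a in items[start:end + 1]))
    return bursts
```

Running `cashout_bursts(unauthorized_dispenses(parse_log(SAMPLE_LOG)))` reports ATM-42 with five unauthorized dispenses totalling $2,500 inside one window, while ATM-17's authorized withdrawal is not flagged.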

Most of the stolen loot was moved out using normal internal and external transfer procedures, and only in amounts designed to draw little attention. Law enforcement officials are looking at the possibility that the hackers may have had inside help—assistance from one or more persons with a keen understanding of cyber networks and computer systems, as well as familiarity with banking policy and procedures, especially transfer authorizations.

Though the hacks were spread out over several countries and time zones, law enforcement officials believe that the criminals operated as a sort of technology consortium, with scores of individuals—each with relevant skills—assisting in the massive heist. Banking security experts believe that the criminals gained access many weeks—if not months—before any cash was stolen or transferred, a clue to law enforcement that the hackers were patient, as well as determined to learn. The cyber-criminals transferred their first loot only after they had carefully scrutinized every aspect of the banks’ networks.
