The greatest heist of the century: hackers stole $1 bln.
Carbanak is an APT-style campaign targeting (but not limited to) financial institutions. It was claimed to have been discovered in 2015 by the Russian/UK Cyber Crime company Kaspersky Lab, who said that it had been used to steal money from banks. The malware was said to have been introduced to its targets via phishing emails. The hacker group was said to have stolen over 500 million dollars, or 1BN dollars in other reports, not only from the banks but from more than a thousand private customers. – Kaspersky Labs
To date, the main targets have been in the United States and Russia, followed by Germany, Ukraine and China. Not only is the amount stolen large and the number of institutions breached high, but this has also been going on for a long time: years, in fact. The official Kaspersky Labs report claims to have evidence of this beginning in 2013.
The ways the hackers extracted money were varied. Sometimes it was relatively simple: the virus would attack an ATM, which would then spit out loads of cash at a scheduled time, allowing a member of the hacking team to go and pick up the cash. Other times it used sophisticated methods: attacking the accounting system, incorrectly placing the decimal point of an account so the account balance was ten times more than it should be, and then correcting it by transferring the extra amount into accounts it had set up in other banks, laundering the funds and making them legit. Essentially, it was creating money. And the correction would go unnoticed because all of this would take place before the banks would have run an account balance check, which banks do with every account, though it’s been found out that many banks only do this about once every ten hours.
While I am able to explain one of its sophisticated methods to you, my reader, in just one long sentence, you must understand that there are multiple systems checking for correct coding of every transaction and every account. In order to go undetected, the virus must be able to do two things very well: it must understand the various languages used by various systems and the algorithms these systems use for both routine and special operations, and it must mimic human interaction with these systems. The first part might sound like a defined problem that can be solved, but it isn’t. The algorithms are built to change as they learn more. Carbanak was designed to learn and wait long before executing its financial transactions, if one can call them that.
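The balance-inflation method described above is invisible to a check that only looks at balances every ten hours, but not to one that reconciles each balance write against its journal entry. The sketch below is an added example, not taken from the original post or from the Kaspersky report; the `Write` record, account names and amounts are constructed, and it assumes every legitimate balance change carries a journal entry.

```python
from dataclasses import dataclass
from typing import Optional

CHECK_INTERVAL_H = 10  # the page: many banks check balances about once every ten hours

@dataclass
class Write:
    hour: float                # constructed timeline, hours from start
    account: str
    new_balance: float         # balance stored by this write
    journal: Optional[float]   # signed amount of the backing journal entry, None if absent

# Constructed sample data (not from the Kaspersky report).
WRITES = [
    Write(0.5, "ACC-1", 1000.0, +1000.0),   # legitimate deposit
    Write(3.0, "ACC-1", 10000.0, None),     # balance rewritten to ten times its value
    Write(3.2, "ACC-1", 1000.0, -9000.0),   # excess transferred out
    Write(12.0, "ACC-2", 250.0, +250.0),    # unrelated legitimate deposit
]

def snapshots(writes, interval=CHECK_INTERVAL_H, horizon=20):
    """Balances a periodic check would observe: last stored value at each boundary."""
    seen = []
    for t in range(interval, horizon + 1, interval):
        state = {}
        for w in sorted(writes, key=lambda w: w.hour):
            if w.hour <= t:
                state[w.account] = w.new_balance
        seen.append((t, state))
    return seen

def reconcile_per_write(writes, tolerance=0.005):
    """Flag every write whose balance change is not explained by its journal entry."""
    balance, alerts = {}, []
    for w in sorted(writes, key=lambda w: w.hour):
        change = w.new_balance - balance.get(w.account, 0.0)
        backed = w.journal if w.journal is not None else 0.0
        if abs(change - backed) > tolerance:
            alerts.append((w.hour, w.account, change - backed))
        balance[w.account] = w.new_balance
    return alerts

if __name__ == "__main__":
    for t, state in snapshots(WRITES):
        print(f"check at {t}h sees {state}")
    for hour, account, gap in reconcile_per_write(WRITES):
        print(f"ALERT {account} at {hour}h: {gap:+.2f} not backed by a journal entry")
```

In the sample, both periodic snapshots show ACC-1 at 1,000, while the per-write reconciliation raises one alert for the 9,000 that appeared without a journal entry.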
Kaspersky Labs is the name of a cyber security firm based out of Russia named after its founder, Eugene Kaspersky. Kaspersky was trained in mathematical engineering at Moscow Institute of Physics and Technology, which was established and run by the Russian Defense Ministry and the KGB, Russian intelligence. Because of this background, the Lab hasn’t received as much business as it could have. However, over the years, with Kaspersky writing and opining about cyber crime and cyber security in reputable media outlets and with the Lab’s success in forensic research, like this one, Kaspersky Lab has been garnering more and more corporate clients. Kaspersky Lab also has retail security products.
Below, I have provided the report and various infographics that Kaspersky Labs has created to educate the world on Carbanak. Also, I have provided a list of links that will help you quickly understand the issues surrounding the initiation, operation and discovery of the virus.
About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.