Carbanak Hackers Steal $1B From Banks Worldwide

More than 100 banks in 30 nations have been successfully targeted by a ring of hackers that has stolen up to $1 billion, according to a report from Russian security firm Kaspersky Lab. The thefts have been committed since 2013 by a gang of hackers that Kaspersky dubbed Carbanak, reports BBC News.

Though the full scope of the attack is still under investigation, the details already uncovered show that it could be one of the largest banking industry thefts ever, reports The New York Times. Kaspersky Lab has not named any targeted financial institutions, citing nondisclosure agreements, but did report that it found evidence through its banking clients of $300 million in theft and has estimated the total could more than triple that amount.

The list of banks that were hacked includes some in the United States, Japan and European nations, though the majority were Russian banks. However, Doug Johnson, senior vice president at the American Bankers Association, told The Associated Press that there is no evidence that a U.S. bank was victimized in this particular breach. The White House and FBI were sent copies of the report and briefed on findings, but are still investigating them, reports The New York Times.

Hackers Put Banks in Their Sights, But Customers Aren’t Safe Either

The banks themselves were the targets of the hack, as the hackers stole from the banks’ funds rather than customer accounts. This differs from typical bank and credit card fraud, which usually targets individuals. But while customers have not yet been victimized by Carbanak, the hacks still compromised the security of their bank accounts and personal information.

“Customers are still at risk,” said Sergey Golovanov, a researcher from Kaspersky Lab, to The Associated Press. “Criminals had access to all banking infrastructure, so they were able to get any data about customers.”

In light of the massive hack, consumers should be vigilant in monitoring their bank accounts for signs of fraud or theft. Here are a few tips:

  • Review bank statements carefully for unusual or suspicious charges.
  • Respond to alerts from your bank or credit card issuer quickly to help identify suspicious activity and protect your accounts.
  • Don’t click links in emails or open email attachments you didn’t request, even if the message appears to be from your bank.
  • Initiate secure interactions with your bank, either through the bank’s secured website, official mobile app or by calling the official customer help line.
  • Do not provide personal information, like a Social Security Number, when contacted by phone, email, or other channels, even if the contact appears to be official and from your bank. Instead, end the contact and initiate your own secure contact with your bank to follow up on the problem.
  • Ensure FDIC insurance is included on your accounts. This is a federal protection for American depositors against theft on balances up to $250,000.

How Hackers Stealthily Stole $1 Billion From Banks

According to Kaspersky Lab, the Carbanak hacker group attached malware to emails that mimicked emails sent by bank employees. These emails targeted real bank employees, who clicked on the attachment and often unwittingly downloaded malware onto their work computers.

With the malware installed, hackers were able to monitor computers in the banks’ networks and gain access to network systems. In many cases, the hackers were able to use this access to steal money, transferring funds to their own accounts or hacking an ATM to dispense cash. Hackers were also careful to keep the amounts low — all thefts were less than $10 million and many were far below that, presumably to avoid triggering security alerts or drawing suspicion, reports The New York Times.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” said Chris Doggett, a director at Kaspersky North America, to The New York Times. While most cyberthefts are small-time or one-offs, “Bonnie and Clyde” style, Doggett said the Carbanak gang’s work was “much more ‘Ocean’s Eleven.’”

Photo credit: Ivan David Gomez Arce