Business

Bank Hackers Use Malware To Steal An Estimated $300 Million

The Carbanak malware infected more than 100 banks across the world, according to a new report from security firm Kaspersky.

Bank Hackers Use Malware To Steal An Estimated $300 Million
Michael Movchin / CC BY SA 3.0
SMS

An ATM in Kiev that kept dispensing wads of cash at random ended up exposing a massive criminal scheme to rob millions of dollars from banks across the world.

That's according to The New York Times, which published an advance copy of a report from security firm Kaspersky Labs Saturday. The report claims hackers infiltrated more than 100 banks across at least 30 nations and made off with an estimated $300 million — though possibly as much as three times that amount.

The full details of the attack won't be available until Kaspersky publishes the full report Monday, but here's what we do know from The Times story.

The attack began in late 2013, when the culprits sent tainted emails to hundreds of employees at different banks. Opening the email would download a malware program called Carbanak.

Once inside a bank's system, Carbanak would latch onto an administrator's computer and download a "remote access tool," or RAT. The malware allowed hackers to log keystrokes, take screenshots and even take over an infected computer.

Kaspersky analyst Sergey Golovanov told The Times, hackers then spent months learning the bank's procedures and protocols. "The goal was to mimic their activities. ... That way, everything would look like a normal, everyday transaction."

The payoff came over a period of two to four months, when the hackers would use their knowledge of a bank's inner workings to manipulate account balances and transfer money to dummy accounts or ATMs, all without the target bank suspecting a thing.

So far, none of the banks affected by the hack have stepped forward, and thanks to nondisclosure agreements signed by Kaspersky, we don't know which institutions were hit or how many people were affected.

That's something the White House would like to change. During his recent cybersecurity summit, President Obama said companies should be required to disclose any financial breach they suffer.

The Times notes both the White House and the FBI are aware of the attack, and Interpol is conducting an investigation into the breach.

This video includes images from Getty Images.