$72M Bank Fraud Scheme Busted

Outdated Software to Blame for Vulnerabilities at Banks
International cooperation is to thank for the takedown of one cybercrime ring accused of stealing more than $72 million from bank accounts spanning more than 10 countries.

According to a statement posted on the Security Service of Ukraine's website, law enforcement authorities in Ukraine cooperated with authorities in 10 countries, including the U.S., to break up the ring. The hackers, two of whom were arrested in Latvia, are accused of spreading the Conficker worm to steal banking credentials and then wire more than $72 million from those bank accounts, which spanned numerous countries.

Ukraine's security service, also known as SBU, says more than 30 searches, 19 of which took place in Ukraine, were simultaneously executed on June 21. During those searches, some 30 servers, 74 desktops and laptops, and more than 300 drives and disks were confiscated. Documents and cash also were seized. SBU also says crime investigators in Kiev, Kharkiv and Lugansk interrogated 16 individuals suspected of being connected with the ring.

Paul Buelens, head of project management for EastNets, a global compliance and banking payment solutions provider, says the collaboration among numerous international law enforcement agencies is a promising sign.

"It's terrific to see that the SBU has made an impact with these underground hacker groups so quickly, as the Russians had a similar counterfeit software ring that authorities have been battling since 2003," he says. "The Trojans and botnets can remain dormant for years and are activated remotely when the criminals deem necessary, making it a very difficult crime to bring down."

Buelens adds that Ukraine could soon be a good cybersecurity ally, since new regulations passed in the last six months have been aimed at thwarting money laundering and other types of financial fraud. "We have been seeing a lot of activity from Ukraine banks lately," he says.

Malware: A Global Fight

Conficker is a strain of malware that's been on the market since 2008. Zal Azmi, senior vice president of the Cyber Solutions Group at CACI International Inc., which provides professional services and IT solutions in defense intelligence, says the Conficker worm, though dated, continues to take advantage of vulnerabilities in Microsoft's operating system that were identified in 2008.

"Users are still not taking patch management seriously," he says. As a result, financial institutions and other organizations using outdated Microsoft products have left themselves open to old attacks, like Conficker.

"Continuous monitoring implementation is still lagging and system administrators have no visibility into their network IT assets," Azmi adds. "Global cooperation between law enforcement is maturing and working. We need to expand this relationship, because cyberspace does not have a geographical boundary and only global information sharing, cooperation and coordination will stop cyberattacks."


About the Author

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



